CVE-2025-13644
Published 2025-11-25
Priority: P3 (43) | high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.25% (16.4th percentile)
MongoDB Server may experience an invariant failure during batched delete operations when handling documents. The issue arises when the server mistakenly assumes the presence of multiple documents in a batch based solely on document size exceeding BSONObjMaxSize. This issue affects MongoDB Server v7.0 versions prior to 7.0.26, MongoDB Server v8.0 versions prior to 8.0.13, and MongoDB Server v8.1 versions prior to 8.1.2.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mongodb | mongodb | — | — |
| mongodb | mongodb | >= 7.0.0 < 7.0.26 | 7.0.26 |
| mongodb | mongodb | >= 8.0.0 < 8.0.13 | 8.0.13 |
| mongodb | mongodb | >= 8.1.0 < 8.1.2 | 8.1.2 |
| mongodb_inc | mongodb_server | >= 7.0 < 7.0.26 | 7.0.26 |
| mongodb_inc | mongodb_server | >= 8.0 < 8.0.13 | 8.0.13 |
| mongodb_inc | mongodb_server | >= 8.1 < 8.1.2 | 8.1.2 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | 4.0 | 7.1 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| osv | — | 7.1 | HIGH | — |
OSV
CVE-2025-13644: MongoDB Server may experience an invariant failure during batched delete operations when handling documents
osv·2025-11-25·CVSS 7.1
CVE-2025-13644 [HIGH] CVE-2025-13644: MongoDB Server may experience an invariant failure during batched delete operations when handling documents
GHSA
GHSA-73mg-mfgw-wp2f: MongoDB Server may experience an invariant failure during batched delete operations when handling documents
ghsa_unreviewed·2025-11-25
CVE-2025-13644 [HIGH] CWE-617 GHSA-73mg-mfgw-wp2f: MongoDB Server may experience an invariant failure during batched delete operations when handling documents
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.