CVE-2025-3082
Published 2025-04-01
Priority P4 · 30 · medium · 5.4 · CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:U / C:L / I:L / A:N
EPSS: 0.17% (6.6th percentile)
A user authorized to access a view may be able to alter the intended collation, allowing them to access a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 versions prior to 5.0.31, MongoDB Server v6.0 versions prior to 6.0.20, MongoDB Server v7.0 versions prior to 7.0.14 and MongoDB Server v7.3 versions prior to 7.3.4.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mongodb | mongodb | >= 5.0.0 < 5.0.31 | 5.0.31 |
| mongodb | mongodb | >= 6.0.0 < 6.0.20 | 6.0.20 |
| mongodb | mongodb | >= 7.0.0 < 7.0.14 | 7.0.14 |
| mongodb | mongodb | >= 7.3.0 < 7.3.4 | 7.3.4 |
| mongodb_inc | mongodb_server | >= 5.0 < 5.0.31 | 5.0.31 |
| mongodb_inc | mongodb_server | >= 6.0 < 6.0.20 | 6.0.20 |
| mongodb_inc | mongodb_server | >= 7.0 < 7.0.14 | 7.0.14 |
| mongodb_inc | mongodb_server | >= 7.3 < 7.3.4 | 7.3.4 |
CVSS provenance
nvd · v3.1 · 5.4 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
osv · 5.4 MEDIUM
GHSA
ghsa_unreviewed·2025-04-01
CVE-2025-3082 [LOW] CWE-284 GHSA-77w4-3h74-q5hf
OSV
osv·2025-04-01·CVSS 5.4
CVE-2025-3082 [MEDIUM]
Suricata
ET EXPLOIT Apache Struts Local File Inclusion Attempt Inbound (CVE-2016-3082)
suricata·2025-07-08·CVSS 9.8
CVE-2016-3082 [CRITICAL]
Rule: alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Apache Struts Local File Inclusion Attempt Inbound (CVE-2016-3082)"; flow:established,to_server; http.uri; content:"/XSLAction.action"; content:"xslt.location="; fast_pattern; reference:cve,2016-3082; classtype:attempted-admin; sid:2063344; rev:1; metadata:affected_product Apache_Struts2, attack_target Server, created_at 2025_07_08, cve CVE_2016_3082, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Exploit, updated_at 2025_07_08, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-04-01