CVE-2025-3083 — Uncaught Exception in INC Mongodb Server

CWE-248 — Uncaught Exception4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 50.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mongodb INC Mongodb Server Mongodb

Timeline

PublishedApr 1

Description

Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDmongodb/mongodb5.0.0 — 5.0.31+2

▶CVEListV5mongodb_inc/mongodb_server5.0 — 5.0.31+2

🔴Vulnerability Details

GHSA

GHSA-5ggp-wm87-2p6g: Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation↗2025-04-01

▶

CVEList

Malformed MongoDB wire protocol messages may cause mongos to crash↗2025-04-01

▶

OSV

CVE-2025-3083: Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation↗2025-04-01

▶