CVE-2025-3084 — Improper Check or Handling of Exceptional Conditions in INC Mongodb Server

CWE-703 — Improper Check or Handling of Exceptional Conditions4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.5%

top 34.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mongodb INC Mongodb Server Mongodb

Timeline

PublishedApr 1

Description

When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to 7.0.16 and MongoDB Server v8.0 prior to 8.0.4

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5mongodb_inc/mongodb_server5.0 — 5.0.31+3

▶NVDmongodb/mongodb5.0.0 — 5.0.31+3

🔴Vulnerability Details

GHSA

GHSA-75j9-xw79-qxqv: When run on commands with certain arguments set, explain may fail to validate these arguments before using them↗2025-04-01

▶

CVEList

MongoDB Server may crash due to improper validation of explain command↗2025-04-01

▶

OSV

CVE-2025-3084: When run on commands with certain arguments set, explain may fail to validate these arguments before using them↗2025-04-01

▶