CVE-2025-3085: Improper Check for Certificate Revocation in MongoDB Server (MongoDB Inc.)

Severity
  NVD: 9.8 CRITICAL
  CNA: 8.1
EPSS
  0.2% (top 62.96%)
CISA KEV
  Not in KEV
Exploit
  No known exploits
Timeline
  Published: Apr 1

Description

A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's certificate chain. In cases of MONGODB-X509, which is not enabled by default, this may lead to improper authentication. This issue may also affect intra-cluster authentication. This issue affects MongoDB Server v5.0 versions prior to 5.0.31, MongoDB Server v6.0 versions prior to 6.0.20, MongoDB Server

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

Source      Package                       Affected from   Fixed in   Other ranges
CVEListV5   mongodb_inc/mongodb_server    5.0             5.0.31     +3
NVD         mongodb/mongodb               5.0.0           5.0.31     +3

Vulnerability Details (3 references)

GHSA (2025-04-01)
  GHSA-v8j7-gw8h-m2j4: A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status
OSV (2025-04-01)
  CVE-2025-3085: A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status
CVEList (2025-04-01)
  MongoDB Server running on Linux may allow unexpected connections where intermediate certificates are revoked
Source page: cvebase, "CVE-2025-3085: INC Mongodb Server vulnerability"