CVE-2025-10061

An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This vulnerability could lead to denial of service if triggered repeatedly. This issue affects MongoDB Server v6.0 versions prior to 6.0.25, MongoDB Server v7.0 versions prior to 7.0.22, MongoDB Server v8.0 versions prior to 8.0.12 and MongoDB Server v8.1 versions prior to 8.1.2

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jira.mongodb.org/browse/SERVER-99616	Vendor Advisory Issue Tracking

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mongodb:mongodb:::::-:::*
	cpe:2.3:a:mongodb:mongodb:::::-:::*
	cpe:2.3:a:mongodb:mongodb:::::-:::*
	cpe:2.3:a:mongodb:mongodb:::::-:::*

History

18 Sep 2025, 16:00

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
First Time		Mongodb Mongodb mongodb
CPE		cpe:2.3:a:mongodb:mongodb:::::-:::*
References	~~() https://jira.mongodb.org/browse/SERVER-99616 -~~	() https://jira.mongodb.org/browse/SERVER-99616 - Vendor Advisory, Issue Tracking

05 Sep 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-05 21:15

Updated : 2025-09-18 16:00

NVD link : CVE-2025-10061

Mitre link : CVE-2025-10061

CVE.ORG link : CVE-2025-10061

JSON object : View

Products Affected

mongodb

mongodb

CWE

CWE-20

Improper Input Validation

NVD-CWE-noinfo

{"id": "CVE-2025-10061", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@mongodb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-09-05T21:15:35.163", "references": [{"url": "https://jira.mongodb.org/browse/SERVER-99616", "tags": ["Vendor Advisory", "Issue Tracking"], "source": "cna@mongodb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cna@mongodb.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This vulnerability could lead to denial of service if triggered repeatedly. This issue affects MongoDB Server v6.0 versions prior to 6.0.25, MongoDB Server v7.0 versions prior to 7.0.22, MongoDB Server v8.0 versions prior to 8.0.12 and MongoDB Server v8.1 versions prior to 8.1.2"}], "lastModified": "2025-09-18T16:00:48.687", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "4B41FDF6-9C22-4DD9-AD0F-53FD49C5D3AF", "versionEndExcluding": "6.0.25", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "C21F2519-990E-4BD7-9D52-817B867087CC", "versionEndExcluding": "7.0.22", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "3E48A4BB-5DD8-4615-937B-F24475E4CDF4", "versionEndExcluding": "8.0.12", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "DC3673C5-AE4F-4E95-BF80-7CC6369BE6C1", "versionEndExcluding": "8.1.2", "versionStartIncluding": "8.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "cna@mongodb.com"}