CVE-2025-11979

An authorized user may crash the MongoDB server by causing buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some conditions. This issue affects MongoDB Server v7.0 versions prior to 7.0.25, MongoDB Server v8.0 versions prior to 8.0.15, and MongoDB Server version 8.2.0.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jira.mongodb.org/browse/SERVER-105873	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mongodb:mongodb:::::-:::*
	cpe:2.3:a:mongodb:mongodb:::::-:::*

History

04 Dec 2025, 21:23

Type	Values Removed	Values Added
First Time		Mongodb Mongodb mongodb
CPE		cpe:2.3:a:mongodb:mongodb:::::-:::*
References	~~() https://jira.mongodb.org/browse/SERVER-105873 -~~	() https://jira.mongodb.org/browse/SERVER-105873 - Vendor Advisory

20 Oct 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-10-20 18:15

Updated : 2025-12-04 21:23

NVD link : CVE-2025-11979

Mitre link : CVE-2025-11979

CVE.ORG link : CVE-2025-11979

JSON object : View

Products Affected

mongodb

mongodb

CWE

CWE-416

Use After Free

5.3 /10