CVE-2025-3084

When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to 7.0.16 and MongoDB Server v8.0 prior to 8.0.4

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jira.mongodb.org/browse/SERVER-103153	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mongodb:mongodb::::::::
	cpe:2.3:a:mongodb:mongodb::::::::
	cpe:2.3:a:mongodb:mongodb::::::::
	cpe:2.3:a:mongodb:mongodb::::::::

History

24 Sep 2025, 15:37

Type	Values Removed	Values Added
CPE		cpe:2.3:a:mongodb:mongodb::::::::
References	~~() https://jira.mongodb.org/browse/SERVER-103153 -~~	() https://jira.mongodb.org/browse/SERVER-103153 - Issue Tracking, Vendor Advisory
First Time		Mongodb Mongodb mongodb
Summary		(es) Al ejecutar comandos con ciertos argumentos definidos, es posible que explain no los valide antes de usarlos. Esto puede provocar fallos en los servidores del enrutador. Esto afecta a MongoDB Server v5.0 anterior a la 5.0.31, MongoDB Server v6.0 anterior a la 6.0.20, MongoDB Server v7.0 anterior a la 7.0.16 y MongoDB Server v8.0 anterior a la 8.0.4.

01 Apr 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-01 12:15

Updated : 2025-09-24 15:37

NVD link : CVE-2025-3084

Mitre link : CVE-2025-3084

CVE.ORG link : CVE-2025-3084

JSON object : View

Products Affected

mongodb

mongodb

CWE

CWE-703

Improper Check or Handling of Exceptional Conditions

{"id": "CVE-2025-3084", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@mongodb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-04-01T12:15:16.037", "references": [{"url": "https://jira.mongodb.org/browse/SERVER-103153", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "cna@mongodb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cna@mongodb.com", "description": [{"lang": "en", "value": "CWE-703"}]}], "descriptions": [{"lang": "en", "value": "When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to 7.0.16 and MongoDB Server v8.0 prior to 8.0.4"}, {"lang": "es", "value": "Al ejecutar comandos con ciertos argumentos definidos, es posible que explain no los valide antes de usarlos. Esto puede provocar fallos en los servidores del enrutador. Esto afecta a MongoDB Server v5.0 anterior a la 5.0.31, MongoDB Server v6.0 anterior a la 6.0.20, MongoDB Server v7.0 anterior a la 7.0.16 y MongoDB Server v8.0 anterior a la 8.0.4."}], "lastModified": "2025-09-24T15:37:39.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66128ED7-B1B4-44B8-9295-D27461F161EA", "versionEndExcluding": "5.0.31", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F398EABB-311B-4726-A414-537D4EEE1A26", "versionEndExcluding": "6.0.20", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E95B2F98-7920-4A34-8E4F-F01DB87A76FA", "versionEndExcluding": "7.0.16", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02D4E4E5-38B7-4D78-9F60-AE11C2234307", "versionEndExcluding": "8.0.4", "versionStartIncluding": "8.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cna@mongodb.com"}