Home

Description

An improper setting of the lsid field on any sharded query can cause a crash in MongoDB routers. This issue occurs when a generic argument (lsid) is provided in a case when it is not applicable. This affects MongoDB Server v6.0 versions prior to 6.0.x, MongoDB Server v7.0 versions prior to 7.0.18 and MongoDB Server v8.0 versions prior to 8.0.6.

PUBLISHED Reserved 2025-09-05 | Published 2025-09-05 | Updated 2025-09-05 | Assigner mongodb




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-732 Incorrect Permission Assignment for Critical Resource

Product status

Default status
unaffected

6.0 (custom) before 6.0.24
affected

7.0 (custom) before 7.0.18
affected

8.0 (custom) before 8.0.6
affected

References

jira.mongodb.org/browse/SERVER-100901

jira.mongodb.org/browse/SERVER-100909

cve.org (CVE-2025-10059)

nvd.nist.gov (CVE-2025-10059)

Download JSON