CVE-2025-11979 | THREATINT

Description

An authorized user may crash the MongoDB server by causing buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some conditions. This issue affects MongoDB Server v7.0 versions prior to 7.0.25, MongoDB Server v8.0 versions prior to 8.0.15, and MongoDB Server version 8.2.0.

PUBLISHED Reserved 2025-10-20 | Published 2025-10-20 | Updated 2025-10-20 | Assigner mongodb

MEDIUM: 5.3CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-416 Use After Free

Product status

Default status

unaffected

8.2.0 (Custom)

affected

8.0.0 (Custom) before 8.0.14

affected

7.0.0 (Custom) before 7.0.25

affected

References

jira.mongodb.org/browse/SERVER-105873

cve.org (CVE-2025-11979)

nvd.nist.gov (CVE-2025-11979)

Download JSON