Description

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations.

PUBLISHED Reserved 2025-11-03 | Published 2025-11-03 | Updated 2025-11-03 | Assigner mongodb




MEDIUM: 5.9 (CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N)

MEDIUM: 5.0 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H)

Problem types

CWE-754 Improper Check for Unusual or Exceptional Conditions

Product status

Default status
unaffected

6.0 (custom) before 7.0.22
affected

8.0 (custom) before 8.0.10
affected

References

jira.mongodb.org/browse/SERVER-101230

cve.org (CVE-2025-12657)

nvd.nist.gov (CVE-2025-12657)
