Home

Description

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations.

PUBLISHED Reserved 2025-11-03 | Published 2025-11-03 | Updated 2025-11-03 | Assigner mongodb




MEDIUM: 5.9CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

MEDIUM: 5.0CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H

Problem types

CWE-754 Improper Check for Unusual or Exceptional Conditions

Product status

Default status
unaffected

6.0 (custom) before 7.0.22
affected

8.0 (custom) before 8.0.10
affected

References

jira.mongodb.org/browse/SERVER-101230

cve.org (CVE-2025-12657)

nvd.nist.gov (CVE-2025-12657)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.