Home

Description

Inconsistent object size validation in time series processing logic may result in later processing of oversized BSON documents leading to an assert failing and process termination. This issue impacts MongoDB Server v7.0 versions prior to 7.0.26, v8.0 versions prior to 8.0.16 and MongoDB server v8.2 versions prior to 8.2.1.

PUBLISHED Reserved 2025-11-21 | Published 2025-11-25 | Updated 2025-11-25 | Assigner mongodb




HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-1284 Improper Validation of Specified Quantity in Input

Product status

Default status
unaffected

7.0 (custom) before 7.0.26
affected

8.0 (custom) before 8.0.16
affected

8.2 (custom) before 8.2.1
affected

References

jira.mongodb.org/browse/SERVER-108565

cve.org (CVE-2025-13507)

nvd.nist.gov (CVE-2025-13507)

Download JSON