Primary

Context

MongoDB Rust Driver TLS Insecure Validation Vulnerability

Vulnerability

Patched

A vulnerability exists in the MongoDB Rust Driver in versions prior to 3.2.5, where disabling certificate validation can be achieved by setting tlsInsecure=False in the connection string. This flaw allows for insecure TLS connections by bypassing proper certificate verification.

Impact

Exploiting this vulnerability leads to insecure TLS connections, allowing potential man-in-the-middle attacks by disabling certificate validation.

Remediation

Users can upgrade to MongoDB Rust Driver version 3.2.5 or later to address this vulnerability.

Added: Oct 13, 2025, 5:19 PM

Updated: Oct 13, 2025, 5:19 PM

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

0.6

exploitability

4.7

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

0.6

exploitability

4.7

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MongoDB Rust Driver TLS Insecure Validation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

MongoDB Rust Driver

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating