MongoDB Server Buffer Over-Read Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability affects MongoDB Server 7.0 versions prior to 7.0.25, 8.0 versions prior to 8.0.15, and version 8.2.0. An authorized user can crash the server by triggering a buffer over-read: under certain conditions, a data definition language (DDL) operation issued while queries are being processed causes the server to read past the end of a buffer. The precondition is an authorized account, not anonymous network access, so the exposure is to any user who can issue DDL operations and queries against the server.

Impact

Exploitation crashes the MongoDB server process, interrupting service availability until the server is restarted. The issue affects availability only; no disclosure or modification of data is described.

Reproduction

The vulnerability is reproduced by issuing a DDL operation while queries are concurrently being processed, under specific conditions that let the DDL operation interfere with query execution; the interference results in a buffer over-read that crashes the server. The advisory does not detail which DDL operations, query shapes, or timing conditions are required.

Remediation

Upgrade to a fixed release. The advisory lists MongoDB Server 8.2.1 and 8.3.0-rc0 as versions that address this vulnerability; the affected ranges above imply that 7.0.25 and 8.0.15 are the first unaffected releases of the 7.0 and 8.0 series respectively. Check the running version with db.version() in mongosh (or the buildInfo command) before and after upgrading.
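As an added example, not part of the advisory, the following Python helper classifies a reported MongoDB Server version string against the affected ranges and fixed versions stated above and triages a fleet inventory. It assumes the version ranges exactly as the advisory gives them (other release series, such as 8.1.x, are reported as not covered rather than guessed at); the hostnames and versions in the sample inventory are constructed for illustration. In practice the version strings would come from db.version() or the buildInfo command on each host.

```python
"""Triage MongoDB Server versions against the buffer over-read advisory.

Added example: the ranges below are transcribed from the advisory text
(7.0 < 7.0.25, 8.0 < 8.0.15, 8.2.0 affected; 8.2.1 and 8.3.0-rc0 fixed).
Release series the advisory does not mention are reported as "unlisted".
"""
import re
from typing import Dict, List, Tuple

# Accepts "8.2.1" and pre-release forms such as "8.3.0-rc0".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z]+)(\d+))?$")

# Maps a release series to the first version that is not affected.
FIXED_IN: Dict[Tuple[int, int], str] = {
    (7, 0): "7.0.25",     # implied by "7.0 prior to 7.0.25"
    (8, 0): "8.0.15",     # implied by "8.0 prior to 8.0.15"
    (8, 2): "8.2.1",      # 8.2.0 affected, 8.2.1 listed as fixed
    (8, 3): "8.3.0-rc0",  # listed as fixed
}


def parse_version(v: str) -> Tuple[int, int, int, int, int]:
    """Return a sortable key; a final release sorts after any pre-release
    of the same number, so 8.3.0 > 8.3.0-rc0."""
    m = _VERSION_RE.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised MongoDB version string: {v!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    if m.group(4) is None:
        return (major, minor, patch, 1, 0)
    return (major, minor, patch, 0, int(m.group(5)))


def assess(version: str) -> str:
    """Classify one version as 'affected', 'fixed' or 'unlisted'."""
    key = parse_version(version)
    series = key[:2]
    if series not in FIXED_IN:
        return "unlisted"
    return "fixed" if key >= parse_version(FIXED_IN[series]) else "affected"


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hosts (host -> version string) by assessment, hosts sorted."""
    groups: Dict[str, List[str]] = {"affected": [], "fixed": [], "unlisted": []}
    for host, version in sorted(inventory.items()):
        groups[assess(version)].append(host)
    return groups


# Constructed sample inventory for illustration only.
SAMPLE_INVENTORY: Dict[str, str] = {
    "db-prod-01": "7.0.24",
    "db-prod-02": "7.0.25",
    "db-analytics": "8.0.14",
    "db-staging": "8.2.0",
    "db-canary": "8.3.0-rc0",
    "db-legacy": "6.0.21",
}

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_INVENTORY), indent=2))
```

Hosts in the "affected" group need the upgrade described above; "unlisted" means the advisory says nothing about that release series, so it should be checked against the vendor's own release notes rather than treated as safe.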

Added: Oct 20, 2025, 6:24 PM
Updated: Oct 20, 2025, 6:24 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.8
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these eight vulnerability categories, which are then combined to calculate the overall risk score.