MongoDB Wire Protocol Message Handling Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in the MongoDB 'mongos' sharding router across multiple release branches. Specially crafted wire protocol messages can cause 'mongos' to crash during command validation, and the issue can be triggered without an authenticated connection. Affected versions are MongoDB 5.0 prior to 5.0.31, MongoDB 6.0 prior to 6.0.20, and MongoDB 7.0 prior to 7.0.16.
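The practical remediation check is a version audit of every 'mongos' in the fleet against the three fixed releases named above. The following helper is an added example for this page, not code from MongoDB; it encodes the advisory's affected ranges and maps an inventory of version strings (for instance the output of db.version() run against each router) to a status. The hostnames and versions in the sample inventory are constructed, and only the 5.0, 6.0 and 7.0 branches named by the advisory are assessed; any other branch is reported as "not assessed" rather than guessed at.

```python
"""Audit helper: flag mongos versions that fall in this advisory's affected ranges."""
import re

# First fixed release per branch, taken from the advisory text.
# Branches not listed here (e.g. 4.4 or 8.0) are not named by the advisory,
# so the check deliberately returns None ("not assessed") for them.
FIXED_VERSIONS = {
    (5, 0): (5, 0, 31),
    (6, 0): (6, 0, 20),
    (7, 0): (7, 0, 16),
}

# Accepts "7.0.15", "v7.0.15" and pre-release forms such as "7.0.16-rc0".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?$")


def parse_version(text):
    """Parse a MongoDB version string into (major, minor, patch, prerelease).

    prerelease is "" for a final release. Anything unrecognised raises
    ValueError so malformed inventory data is noticed instead of silently
    scored as safe.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised MongoDB version string: {text!r}")
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch), pre or "")


def is_affected(text):
    """True if the version predates the fix on its branch, False if it is at or
    after the fix, None if the branch is not covered by this advisory."""
    major, minor, patch, pre = parse_version(text)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        return None
    # A pre-release build of the fixed version (e.g. 7.0.16-rc0) predates the
    # 7.0.16 release and so is treated as not yet containing the fix.
    if (major, minor, patch) == fixed and pre:
        return True
    return (major, minor, patch) < fixed


def audit(inventory):
    """Map each hostname to 'affected', 'fixed' or 'not assessed'.

    inventory is {hostname: version_string}.
    """
    labels = {True: "affected", False: "fixed", None: "not assessed"}
    return {host: labels[is_affected(ver)] for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts), chosen to hit each case.
    sample = {
        "mongos-a": "7.0.15",      # affected (7.0 before 7.0.16)
        "mongos-b": "7.0.16",      # fixed
        "mongos-c": "6.0.19",      # affected (6.0 before 6.0.20)
        "mongos-d": "5.0.31",      # fixed
        "mongos-e": "v7.0.16-rc0", # affected (pre-release of the fixed version)
        "mongos-f": "8.0.4",       # not assessed (branch not named by the advisory)
    }
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```

Because the advisory states that no authentication is required, treat every 'mongos' that reports "affected" and has a reachable listening port as exposed, and prioritise it over routers that are only reachable from trusted application networks.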

Impact

Exploitation of this vulnerability crashes the 'mongos' process, causing a denial of service for clients that route through it. Because no authenticated connection is required, any party with network access to the 'mongos' listening port can trigger the crash.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.