CVE-2025-12657

Source
https://cve.org/CVERecord?id=CVE-2025-12657
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-12657.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-12657
Aliases
Downstream
Published
2025-11-03T21:18:50.400Z
Modified
2026-03-12T17:36:32.782102Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
Summary
[none]
Details

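The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets and may parse them into invalid objects. Later reads of such an object can result in read access violations. The affected ranges on this page give 7.0.22 and 8.0.10 as the fixed versions; the enumerated tag list covers only r8.0.0 through r8.0.6, so check deployments against the ranges rather than the tag list alone.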

References

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type
GIT
Repo
https://github.com/mongodb/mongo
Events
Database specific
{
    "versions": [
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "7.0.22"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.0.10"
        }
    ]
}

Affected versions

r8.*
r8.0.0
r8.0.1
r8.0.1-rc0
r8.0.2
r8.0.3
r8.0.4
r8.0.4-rc0
r8.0.5
r8.0.5-rc0
r8.0.5-rc1
r8.0.5-rc2
r8.0.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-12657.json"
vanir_signatures
[
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "170810567694619582218325827979320844819",
            "length": 222.0
        },
        "source": "https://github.com/mongodb/mongo/commit/dacdbc3df2fbe579b03336a2f01fc9aedf406a41",
        "id": "CVE-2025-12657-09cc0615",
        "target": {
            "file": "src/mongo/db/query/canonical_query_test.cpp",
            "function": "TEST"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "13236081645074493115127001406131911299",
                "32815437550975849390738133222164712455",
                "97250326467089322403696436759510875041",
                "130220526898473437428672593103114463037"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/mongodb/mongo/commit/dacdbc3df2fbe579b03336a2f01fc9aedf406a41",
        "id": "CVE-2025-12657-28057e63",
        "target": {
            "file": "src/mongo/db/query/get_executor.cpp"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "91660256789222474456476205099263621914",
            "length": 392.0
        },
        "source": "https://github.com/mongodb/mongo/commit/dacdbc3df2fbe579b03336a2f01fc9aedf406a41",
        "id": "CVE-2025-12657-35dd40fb",
        "target": {
            "file": "src/mongo/db/query/query_planner_tree_test.cpp",
            "function": "TEST_F"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "259041850611534104466084886859312154654",
                "209571827967119472844100407222830729771",
                "221652195236482708432158039780313247440"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/mongodb/mongo/commit/dacdbc3df2fbe579b03336a2f01fc9aedf406a41",
        "id": "CVE-2025-12657-4d96a211",
        "target": {
            "file": "src/mongo/db/query/canonical_query.h"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "282765062060540820013904249999369091735",
                "300291622994495336463358897248157878965",
                "171295154459370418954909748630098851460",
                "264717989889958699510278395341009123178",
                "286921937843054147385921250452426071137",
                "212177683335443537294930353787718564470",
                "154072217225560505992627186916787245632",
                "339038656703438971026792802796071385997"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/mongodb/mongo/commit/a25a91f17ac7d38e530defb84840cef26964f0bd",
        "id": "CVE-2025-12657-506fa5cb",
        "target": {
            "file": "src/mongo/transport/asio/asio_session_impl.cpp"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "156090998067393006199077392588973597889",
            "length": 88.0
        },
        "source": "https://github.com/mongodb/mongo/commit/a25a91f17ac7d38e530defb84840cef26964f0bd",
        "id": "CVE-2025-12657-aa314a9d",
        "target": {
            "file": "src/mongo/transport/asio/asio_session_impl.cpp",
            "function": "CommonAsioSession::isLoadBalancerPeer"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "179129717886469733075672751986633638480",
            "length": 121.0
        },
        "source": "https://github.com/mongodb/mongo/commit/dacdbc3df2fbe579b03336a2f01fc9aedf406a41",
        "id": "CVE-2025-12657-b4300cd3",
        "target": {
            "file": "src/mongo/db/query/canonical_query_test.cpp",
            "function": "TEST"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "55836396164299393863275218643947047121",
                "247898015159499049520840962143521581548",
                "23538965146590376039815961727495063309",
                "73893154509656724043861091875594038976"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/mongodb/mongo/commit/dacdbc3df2fbe579b03336a2f01fc9aedf406a41",
        "id": "CVE-2025-12657-c4902ad9",
        "target": {
            "file": "src/mongo/db/query/canonical_query_encoder_test.cpp"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "80902743015685727946894915990527748965",
                "176949779465539464536476382397679852955",
                "138011484810510969231374758577969819287",
                "213412792009456961805509708886495972031",
                "108030136181449000469460296639111922283",
                "259216495627230221219155342714306677591",
                "248422617507567503859301171305254340460",
                "245172356663580774147851102062929329842",
                "7994405613649427159682553495468608834",
                "305257036493543719456646007101986473421",
                "208303643772143893856671318066682687209",
                "199288333105912257288505536857893054571",
                "130816849182030429263138698125736179179",
                "3803095995514920701987929798503187434",
                "331120441307678997525871227890531343653",
                "4014394743506684706307958354607111043",
                "145785154675042814859234771874744716077",
                "300795417569439173402529912154615822191",
                "112765197846815209255450283462700714039",
                "285473019838526984620851944074290052422"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/mongodb/mongo/commit/dacdbc3df2fbe579b03336a2f01fc9aedf406a41",
        "id": "CVE-2025-12657-e110b1d7",
        "target": {
            "file": "src/mongo/db/query/canonical_query.cpp"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "319155624397254202599116224418532377270",
                "320519262511008027629451689690475781923",
                "208462697800841384490668256992285694018",
                "213346500170575268019869843214449743933",
                "247019561929076384094690448831332001219",
                "91764808502864669515496362977122693840",
                "258830790253090992989549304973920386937",
                "51852030045595014727650341916501865161",
                "140711571707803073313743064961857373733",
                "249806296299264674804490985719791734340",
                "204374830227116296807761629752258449460"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/mongodb/mongo/commit/dacdbc3df2fbe579b03336a2f01fc9aedf406a41",
        "id": "CVE-2025-12657-eb949776",
        "target": {
            "file": "src/mongo/db/query/canonical_query_test.cpp"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "250624715087004535328972305640756178805",
                "148536438517875864651429272475526442940",
                "165014192351556472067212166349818389903",
                "49068151080804240088294744416265804817",
                "287242365717231291471612982454676213701",
                "323584313059038749367409677271617447863",
                "86121875653440403020767995825324230918",
                "86345351477897519473606718549341170251",
                "291880075665522310213812374355336024030",
                "9791660833690490751516611827213350840",
                "303693624070357428057007922409213264272"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/mongodb/mongo/commit/dacdbc3df2fbe579b03336a2f01fc9aedf406a41",
        "id": "CVE-2025-12657-fa8a5c8b",
        "target": {
            "file": "src/mongo/db/query/query_planner_tree_test.cpp"
        }
    }
]