CVE-2025-13643
- Source
- https://cve.org/CVERecord?id=CVE-2025-13643
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13643.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-13643
- Aliases
- Downstream
- Published
- 2025-11-25T06:15:45.580Z
- Modified
- 2026-03-12T17:38:19.829440Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A user with access to the cluster with a limited set of privilege actions may be able to terminate queries that are being executed by other users. This may cause a denial of service by preventing a fraction of queries from successfully completing. This issue affects MongoDB Server v7.0 versions prior to 7.0.26 and MongoDB Server v8.0 versions prior to 8.0.14
- References
Affected packages
Git / github.com/mongodb/mongo
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mongodb/mongo
- Events
-
IntroducedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "7.0.0" }, { "fixed": "7.0.26" }, { "introduced": "8.0.0" }, { "fixed": "8.0.14" }, { "introduced": "0" }, { "last_affected": "8.2.0-alpha" }, { "introduced": "0" }, { "last_affected": "8.2.0-alpha0" }, { "introduced": "0" }, { "last_affected": "8.2.0-alpha1" }, { "introduced": "0" }, { "last_affected": "8.2.0-alpha2" } ] }
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/cfe96f2560c2000d837880f3e49086bed560abec",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "169396510644917166107972285471505278925",
"length": 5523.0
},
"id": "CVE-2025-13643-0d7700d5",
"target": {
"function": "validatePeerCertificate",
"file": "src/mongo/util/net/ssl_manager_windows.cpp"
}
},
{
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/cfe96f2560c2000d837880f3e49086bed560abec",
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"255094620203238166973302767875286180987",
"311318788437859314187108745684874069447",
"13195629967762718487111799273423913192",
"145659902616350294817239749199959363992",
"221972074441494021565962355714822796262",
"48835208987546656192845547932509644477",
"87708939807646049295739831013123777386",
"10193593850898967193818537886210518552",
"331231889353555350497810337678926637920",
"152234860073312542299676805758359870241"
]
},
"id": "CVE-2025-13643-1ac5af1d",
"target": {
"file": "src/mongo/util/net/ssl_manager_windows.cpp"
}
},
{
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/cfe96f2560c2000d837880f3e49086bed560abec",
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"52207717764756858887103230689427858974",
"241284099896496899084843301553798842386",
"81015194422365157642401834775353309989",
"306832239360780013917147226125039650941"
]
},
"id": "CVE-2025-13643-5d8a373e",
"target": {
"file": "src/mongo/util/net/ssl_manager_apple.cpp"
}
},
{
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/cfe96f2560c2000d837880f3e49086bed560abec",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "60854262378866240810463600752329606435",
"length": 715.0
},
"id": "CVE-2025-13643-a2bd2a3d",
"target": {
"function": "CreateSecTrustPolicies",
"file": "src/mongo/util/net/ssl_manager_apple.cpp"
}
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13643.json"