CVE-2025-13643
- Source
- https://cve.org/CVERecord?id=CVE-2025-13643
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13643.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-13643
- Aliases
- Downstream
- Published
- 2025-11-25T06:15:45.580Z
- Modified
- 2026-04-12T17:58:58.784344Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A user with access to the cluster with a limited set of privilege actions may be able to terminate queries that are being executed by other users. This may cause a denial of service by preventing a fraction of queries from successfully completing. This issue affects MongoDB Server v7.0 versions prior to 7.0.26 and MongoDB Server v8.0 versions prior to 8.0.14
- References
Affected packages
Git / github.com/mongodb/mongo
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mongodb/mongo
- Events
-
IntroducedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "7.0.0" }, { "fixed": "7.0.26" }, { "introduced": "8.0.0" }, { "fixed": "8.0.14" }, { "introduced": "0" }, { "last_affected": "8.2.0-alpha" }, { "introduced": "0" }, { "last_affected": "8.2.0-alpha0" }, { "introduced": "0" }, { "last_affected": "8.2.0-alpha1" }, { "introduced": "0" }, { "last_affected": "8.2.0-alpha2" } ] }
Affected versions
0.*
0.9.1
1.*
1.7-cut
r0.*
r0.0.3
r0.0.4_rc1
r0.0.6_rc1
r0.0.7_rc1
r0.0.7_rc2
r0.0.7_rc3
r0.0.7_rc4
r0.0.9_rc1
r0.1.0_rc1
r0.1.2_rc1
r0.1.3_rc1
r0.1.4_rc1
r0.1.5_rc1
r0.1.6_rc1
r0.2.1
r0.9.1
r0.9.10
r0.9.5
r0.9.6
r0.9.8
r0.9.9
r1.*
r1.1.1
r1.1.3
r1.3.0
r1.3.4
r1.5.0
r1.5.1
r1.5.2
r1.5.5
r1.5.6
r1.7.5
r1.7.6
r1.8.0-rc0
r2.*
r2.1.1
r2.1.2
r2.2.0-rc0
r2.3.1
r2.3.2
r2.4.0-rc0
r2.4.0-rc1
r2.4.0-rc2
r2.4.0.rc1
r2.5.1
r2.5.2
r2.5.3
r2.5.4
r2.5.5
r2.6.0-rc0
r2.6.0-rc1
r2.7.0
r2.7.1
r2.7.2
r2.7.3
r2.7.4
r2.7.5
r2.7.6
r2.7.7
r2.7.8
r2.8.0-rc0
r2.8.0-rc1
r2.8.0-rc2
r2.8.0-rc3
r2.8.0-rc4
r2.8.0-rc5
r3.*
r3.1.0
r3.1.1
r3.1.2
r3.1.3
r3.1.4
r3.1.5
r3.1.6
r3.1.7
r3.1.8
r3.1.9
r3.2.0
r3.2.0-rc0
r3.2.0-rc1
r3.2.0-rc2
r3.2.0-rc3
r3.2.0-rc4
r3.2.0-rc5
r3.2.0-rc6
r3.3.0
r3.3.1
r3.3.10
r3.3.11
r3.3.12
r3.3.13
r3.3.14
r3.3.15
r3.3.2
r3.3.3
r3.3.4
r3.3.5
r3.3.6
r3.3.7
r3.3.8
r3.3.9
r3.4.0-rc0
r3.4.0-rc1
r3.4.0-rc2
r3.4.0-rc3
r3.5.0
r3.5.1
r3.5.10
r3.5.11
r3.5.12
r3.5.13
r3.5.2
r3.5.3
r3.5.4
r3.5.5
r3.5.6
r3.5.7
r3.5.8
r3.5.9
r3.6.0-rc0
r3.6.0-rc1
r3.6.0-rc2
r3.6.0-rc3
r3.6.0-rc4
r3.7.0
r3.7.1
r3.7.2
r3.7.3
r3.7.4
r3.7.5
r3.7.6
r3.7.7
r3.7.8
r3.7.9
r4.*
r4.0.0-rc0
r4.1.0
r4.1.1
r4.1.10
r4.1.11
r4.1.12
r4.1.13
r4.1.2
r4.1.3
r4.1.4
r4.1.5
r4.1.6
r4.1.7
r4.1.8
r4.1.9
r4.3.0
r4.3.1
r4.3.2
r4.3.3
r4.3.4
r4.5.0
r4.8.0-alpha
r4.9.0-alpha
r4.9.0-alpha0
r4.9.0-alpha1
r4.9.0-alpha2
r4.9.0-alpha3
r4.9.0-alpha4
r4.9.0-alpha5
r4.9.0-alpha6
r4.9.0-alpha7
r5.*
r5.0.0-alpha
r5.0.0-alpha0
r5.1.0-alpha
r5.2.0-alpha
r5.3.0-alpha
r5.3.0-alpha0
r5.3.0-alpha1
r5.3.0-alpha2
r5.3.0-alpha3
r5.3.0-alpha4
r6.*
r6.0.0-alpha
r6.0.0-alpha0
r6.0.0-alpha1
r6.1.0-alpha
r6.2.0-alpha
r6.3.0-alpha
r6.3.0-alpha0
r6.3.0-rc0
r7.*
r7.0.0
r7.0.0-alpha
r7.0.0-alpha0
r7.0.1
r7.0.1-rc0
r7.0.10
r7.0.10-rc0
r7.0.11
r7.0.11-rc0
r7.0.11-rc1
r7.0.11-rc2
r7.0.12
r7.0.12-rc0
r7.0.12-rc1
r7.0.13
r7.0.13-rc0
r7.0.13-rc1
r7.0.14
r7.0.14-rc0
r7.0.15
r7.0.15-rc0
r7.0.15-rc1
r7.0.16
r7.0.16-rc0
r7.0.16-rc1
r7.0.17
r7.0.18
r7.0.2
r7.0.2-rc0
r7.0.2-rc1
r7.0.2-rc2
r7.0.21
r7.0.21-alpha0
r7.0.21-rc0
r7.0.22
r7.0.22-rc0
r7.0.23
r7.0.23-rc0
r7.0.23-rc1
r7.0.24
r7.0.24-rc0
r7.0.25-alpha0
r7.0.3
r7.0.3-rc0
r7.0.3-rc1
r7.0.4
r7.0.4-rc0
r7.0.5
r7.0.5-rc0
r7.0.6
r7.0.6-rc0
r7.0.7
r7.0.7-rc0
r7.0.7-rc1
r7.0.7-rc2
r7.0.8
r7.0.8-rc0
r7.0.9
r7.0.9-rc0
r7.0.9-rc1
r7.1.0-alpha
r7.1.0-alpha0
r7.2.0-alpha
r7.2.0-alpha0
r7.3.0-alpha
r7.3.0-alpha0
r7.3.0-alpha1
r7.3.0-rc0
r8.*
r8.0.0
r8.0.0-alpha
r8.0.0-alpha0
r8.0.0-alpha1
r8.0.0-alpha2
r8.0.1
r8.0.1-rc0
r8.0.10
r8.0.10-rc0
r8.0.12
r8.0.12-rc0
r8.0.13
r8.0.13-rc0
r8.0.13-rc1
r8.0.13-rc2
r8.0.14-rc0
r8.0.2
r8.0.3
r8.0.4
r8.0.4-rc0
r8.0.5
r8.0.5-rc0
r8.0.5-rc1
r8.0.5-rc2
r8.0.6
r8.1.0-alpha
r8.1.0-alpha0
r8.1.0-alpha1
r8.1.0-alpha2
r8.1.0-alpha3
r8.2.0-alpha
r8.2.0-alpha0
r8.2.0-alpha1
r8.2.0-alpha2
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13643.json"
vanir_signatures_modified
"2026-04-12T17:58:58Z"
vanir_signatures
[
{
"deprecated": false,
"target": {
"file": "src/mongo/util/net/ssl_manager_windows.cpp",
"function": "validatePeerCertificate"
},
"signature_type": "Function",
"digest": {
"function_hash": "169396510644917166107972285471505278925",
"length": 5523.0
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/cfe96f2560c2000d837880f3e49086bed560abec",
"id": "CVE-2025-13643-0d7700d5"
},
{
"deprecated": false,
"target": {
"file": "src/mongo/util/net/ssl_manager_windows.cpp"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"255094620203238166973302767875286180987",
"311318788437859314187108745684874069447",
"13195629967762718487111799273423913192",
"145659902616350294817239749199959363992",
"221972074441494021565962355714822796262",
"48835208987546656192845547932509644477",
"87708939807646049295739831013123777386",
"10193593850898967193818537886210518552",
"331231889353555350497810337678926637920",
"152234860073312542299676805758359870241"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/cfe96f2560c2000d837880f3e49086bed560abec",
"id": "CVE-2025-13643-1ac5af1d"
},
{
"deprecated": false,
"target": {
"file": "src/mongo/util/net/ssl_manager_apple.cpp"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"52207717764756858887103230689427858974",
"241284099896496899084843301553798842386",
"81015194422365157642401834775353309989",
"306832239360780013917147226125039650941"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/cfe96f2560c2000d837880f3e49086bed560abec",
"id": "CVE-2025-13643-5d8a373e"
},
{
"deprecated": false,
"target": {
"file": "src/mongo/util/net/ssl_manager_apple.cpp",
"function": "CreateSecTrustPolicies"
},
"signature_type": "Function",
"digest": {
"function_hash": "60854262378866240810463600752329606435",
"length": 715.0
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/cfe96f2560c2000d837880f3e49086bed560abec",
"id": "CVE-2025-13643-a2bd2a3d"
}
]