CVE-2025-3082
- Source
- https://cve.org/CVERecord?id=CVE-2025-3082
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3082.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-3082
- Aliases
- Downstream
- Published
- 2025-04-01T11:15:39.517Z
- Modified
- 2026-04-12T14:42:34.065212Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB Server v7.0 version prior to 7.0.14 and MongoDB Server v7.3 versions prior to 7.3.4.
- References
Affected packages
Git / github.com/mongodb/mongo
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mongodb/mongo
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "5.0.0" }, { "fixed": "5.0.31" }, { "introduced": "6.0.0" }, { "fixed": "6.0.20" }, { "introduced": "7.0.0" }, { "fixed": "7.0.14" }, { "introduced": "7.3.0" }, { "fixed": "7.3.4" } ] }
Affected versions
r5.*
r5.0.0
r5.0.1
r5.0.1-rc0
r5.0.10
r5.0.10-rc0
r5.0.11
r5.0.11-rc0
r5.0.11-rc1
r5.0.12
r5.0.12-rc0
r5.0.13
r5.0.13-rc0
r5.0.14
r5.0.14-rc0
r5.0.15
r5.0.15-rc0
r5.0.15-rc1
r5.0.15-rc2
r5.0.16
r5.0.16-rc0
r5.0.17
r5.0.17-rc0
r5.0.18
r5.0.18-rc0
r5.0.18-rc1
r5.0.18-rc2
r5.0.19
r5.0.19-rc0
r5.0.2
r5.0.2-rc0
r5.0.20
r5.0.20-rc0
r5.0.20-rc1
r5.0.21
r5.0.21-rc0
r5.0.22
r5.0.22-rc0
r5.0.22-rc1
r5.0.23
r5.0.23-rc0
r5.0.24
r5.0.24-rc0
r5.0.25
r5.0.25-rc0
r5.0.26
r5.0.26-rc0
r5.0.27
r5.0.27-rc0
r5.0.28
r5.0.28-rc0
r5.0.29
r5.0.29-rc0
r5.0.3
r5.0.3-rc0
r5.0.3-rc1
r5.0.3-rc2
r5.0.30
r5.0.31-rc0
r5.0.4
r5.0.4-rc0
r5.0.5
r5.0.5-rc0
r5.0.6
r5.0.6-rc0
r5.0.6-rc1
r5.0.6-rc2
r5.0.7
r5.0.7-rc0
r5.0.7-rc1
r5.0.8
r5.0.8-rc0
r5.0.9
r5.0.9-rc0
r5.0.9-rc1
r6.*
r6.0.0
r6.0.1
r6.0.1-rc0
r6.0.10
r6.0.10-rc0
r6.0.11
r6.0.11-rc0
r6.0.12
r6.0.12-rc0
r6.0.12-rc1
r6.0.13
r6.0.13-rc0
r6.0.14
r6.0.14-rc0
r6.0.14-rc1
r6.0.15
r6.0.15-rc0
r6.0.16
r6.0.16-rc0
r6.0.17
r6.0.17-rc0
r6.0.18
r6.0.18-rc0
r6.0.19
r6.0.2
r6.0.2-rc0
r6.0.2-rc1
r6.0.20-rc0
r6.0.20-rc1
r6.0.20-rc2
r6.0.3
r6.0.3-rc0
r6.0.3-rc1
r6.0.3-rc2
r6.0.4
r6.0.4-rc0
r6.0.4-rc1
r6.0.5
r6.0.5-rc0
r6.0.5-rc1
r6.0.6
r6.0.6-rc0
r6.0.6-rc1
r6.0.7
r6.0.7-rc0
r6.0.8
r6.0.8-rc0
r6.0.9
r6.0.9-rc0
r6.0.9-rc1
r7.*
r7.0.0
r7.0.1
r7.0.1-rc0
r7.0.10
r7.0.10-rc0
r7.0.11
r7.0.11-rc0
r7.0.11-rc1
r7.0.11-rc2
r7.0.12
r7.0.12-rc0
r7.0.12-rc1
r7.0.13
r7.0.13-rc0
r7.0.13-rc1
r7.0.2
r7.0.2-rc0
r7.0.2-rc1
r7.0.2-rc2
r7.0.3
r7.0.3-rc0
r7.0.3-rc1
r7.0.4
r7.0.4-rc0
r7.0.5
r7.0.5-rc0
r7.0.6
r7.0.6-rc0
r7.0.7
r7.0.7-rc0
r7.0.7-rc1
r7.0.7-rc2
r7.0.8
r7.0.8-rc0
r7.0.9
r7.0.9-rc0
r7.0.9-rc1
r7.3.0
r7.3.1
r7.3.1-rc0
r7.3.1-rc1
r7.3.1-rc2
r7.3.2
r7.3.2-rc0
r7.3.2-rc1
r7.3.3
r7.3.3-rc0
r7.3.4-rc0
r7.3.4-rc1
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3082.json"
vanir_signatures
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"111874932942046114223144494633221209129",
"256161905959451949254944526044843089200",
"256297468071740735162236456708360012742",
"235830183144559937999253149604957112306",
"333439315193046824989860925238314039277",
"67806875461468992500661772377747545565",
"315068057892469383161678055746093791167",
"163662512404082480371673185596467494915",
"305521259106150362239553553475319460417",
"237949536939246254356068982710758675285",
"233368596813223622005935141840143744284",
"249840967872087541426899006816657862039"
]
},
"id": "CVE-2025-3082-37cd3957",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/6b39fbde5c06d2b5ac027082217fb557673bd60d",
"target": {
"file": "src/mongo/db/pipeline/document_source_unwind.cpp"
}
},
{
"digest": {
"length": 229.0,
"function_hash": "158583053690993594079961819885580517603"
},
"id": "CVE-2025-3082-68b5792a",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/6b39fbde5c06d2b5ac027082217fb557673bd60d",
"target": {
"function": "DocumentSourceUnwind::Unwinder::Unwinder",
"file": "src/mongo/db/pipeline/document_source_unwind.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"301870103497820413148681040654540305254",
"109461579742329986580414407415072276415",
"103535047316262997435395590132144754438",
"38842998314046113554393337485390801824",
"132337306073161130046903095527367563622",
"7164343108274904571523416685628470821",
"8433349432413735156480043012593625388"
]
},
"id": "CVE-2025-3082-7b8b46be",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/1b488fa20bdc54915b89f3a6ef981742adbe8cb2",
"target": {
"file": "src/mongo/db/commands/list_collections.cpp"
}
},
{
"digest": {
"length": 959.0,
"function_hash": "317059203157195173859428266013583839835"
},
"id": "CVE-2025-3082-98e95ab3",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/e8c5dca807cdfef1c9b3141c4c2bcd613d9700e7",
"target": {
"function": "ShardServerOpObserver::onCreateCollection",
"file": "src/mongo/db/s/shard_server_op_observer.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"338095024408874251521027627609623809923",
"19517780008182253857358285612128038534",
"95532667481650364120857114228697583222",
"224358683231941325215866037278555672552"
]
},
"id": "CVE-2025-3082-a50b1d1c",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/e8c5dca807cdfef1c9b3141c4c2bcd613d9700e7",
"target": {
"file": "src/mongo/db/s/shard_server_op_observer.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"22086865423945277420463346282675410359",
"230789960585398782210326326319515422235",
"248302116163759668327706100034840776012"
]
},
"id": "CVE-2025-3082-c5867b8d",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/6b39fbde5c06d2b5ac027082217fb557673bd60d",
"target": {
"file": "src/mongo/db/pipeline/document_source_unwind_test.cpp"
}
},
{
"digest": {
"length": 1055.0,
"function_hash": "178158968249656320450514116893340795177"
},
"id": "CVE-2025-3082-c61a0dde",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/6b39fbde5c06d2b5ac027082217fb557673bd60d",
"target": {
"function": "DocumentSourceUnwind::Unwinder::getNext",
"file": "src/mongo/db/pipeline/document_source_unwind.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"222656228999319984345615210932081431974",
"193954611145980170235708013613831262012",
"28258538037177236396132426160576990472",
"225632782582637378616067280143374015707",
"74892736587624400858128677358105557890",
"63274386290555953020237546162368808513"
]
},
"id": "CVE-2025-3082-e8342bcf",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/6b39fbde5c06d2b5ac027082217fb557673bd60d",
"target": {
"file": "src/mongo/db/pipeline/field_path.h"
}
}
]
vanir_signatures_modified
"2026-04-12T14:42:34Z"