CVE-2025-3083
- Source
- https://cve.org/CVERecord?id=CVE-2025-3083
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3083.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-3083
- Aliases
- Downstream
- Published
- 2025-04-01T12:15:15.883Z
- Modified
- 2026-04-12T14:42:34.293452Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16
- References
Affected packages
Git / github.com/mongodb/mongo
Affected versions
r5.*
r5.0.0
r5.0.1
r5.0.1-rc0
r5.0.10
r5.0.10-rc0
r5.0.11
r5.0.11-rc0
r5.0.11-rc1
r5.0.12
r5.0.12-rc0
r5.0.13
r5.0.13-rc0
r5.0.14
r5.0.14-rc0
r5.0.15
r5.0.15-rc0
r5.0.15-rc1
r5.0.15-rc2
r5.0.16
r5.0.16-rc0
r5.0.17
r5.0.17-rc0
r5.0.18
r5.0.18-rc0
r5.0.18-rc1
r5.0.18-rc2
r5.0.19
r5.0.19-rc0
r5.0.2
r5.0.2-rc0
r5.0.20
r5.0.20-rc0
r5.0.20-rc1
r5.0.21
r5.0.21-rc0
r5.0.22
r5.0.22-rc0
r5.0.22-rc1
r5.0.23
r5.0.23-rc0
r5.0.24
r5.0.24-rc0
r5.0.25
r5.0.25-rc0
r5.0.26
r5.0.26-rc0
r5.0.27
r5.0.27-rc0
r5.0.28
r5.0.28-rc0
r5.0.29
r5.0.29-rc0
r5.0.3
r5.0.3-rc0
r5.0.3-rc1
r5.0.3-rc2
r5.0.30
r5.0.31-rc0
r5.0.4
r5.0.4-rc0
r5.0.5
r5.0.5-rc0
r5.0.6
r5.0.6-rc0
r5.0.6-rc1
r5.0.6-rc2
r5.0.7
r5.0.7-rc0
r5.0.7-rc1
r5.0.8
r5.0.8-rc0
r5.0.9
r5.0.9-rc0
r5.0.9-rc1
r6.*
r6.0.0
r6.0.1
r6.0.1-rc0
r6.0.10
r6.0.10-rc0
r6.0.11
r6.0.11-rc0
r6.0.12
r6.0.12-rc0
r6.0.12-rc1
r6.0.13
r6.0.13-rc0
r6.0.14
r6.0.14-rc0
r6.0.14-rc1
r6.0.15
r6.0.15-rc0
r6.0.16
r6.0.16-rc0
r6.0.17
r6.0.17-rc0
r6.0.18
r6.0.18-rc0
r6.0.19
r6.0.2
r6.0.2-rc0
r6.0.2-rc1
r6.0.20-rc0
r6.0.20-rc1
r6.0.20-rc2
r6.0.3
r6.0.3-rc0
r6.0.3-rc1
r6.0.3-rc2
r6.0.4
r6.0.4-rc0
r6.0.4-rc1
r6.0.5
r6.0.5-rc0
r6.0.5-rc1
r6.0.6
r6.0.6-rc0
r6.0.6-rc1
r6.0.7
r6.0.7-rc0
r6.0.8
r6.0.8-rc0
r6.0.9
r6.0.9-rc0
r6.0.9-rc1
r7.*
r7.0.0
r7.0.1
r7.0.1-rc0
r7.0.10
r7.0.10-rc0
r7.0.11
r7.0.11-rc0
r7.0.11-rc1
r7.0.11-rc2
r7.0.12
r7.0.12-rc0
r7.0.12-rc1
r7.0.13
r7.0.13-rc0
r7.0.13-rc1
r7.0.14
r7.0.14-rc0
r7.0.15
r7.0.15-rc0
r7.0.15-rc1
r7.0.2
r7.0.2-rc0
r7.0.2-rc1
r7.0.2-rc2
r7.0.3
r7.0.3-rc0
r7.0.3-rc1
r7.0.4
r7.0.4-rc0
r7.0.5
r7.0.5-rc0
r7.0.6
r7.0.6-rc0
r7.0.7
r7.0.7-rc0
r7.0.7-rc1
r7.0.7-rc2
r7.0.8
r7.0.8-rc0
r7.0.9
r7.0.9-rc0
r7.0.9-rc1
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3083.json"
vanir_signatures
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"111874932942046114223144494633221209129",
"256161905959451949254944526044843089200",
"256297468071740735162236456708360012742",
"235830183144559937999253149604957112306",
"333439315193046824989860925238314039277",
"67806875461468992500661772377747545565",
"315068057892469383161678055746093791167",
"163662512404082480371673185596467494915",
"305521259106150362239553553475319460417",
"237949536939246254356068982710758675285",
"233368596813223622005935141840143744284",
"249840967872087541426899006816657862039"
]
},
"id": "CVE-2025-3083-37cd3957",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/6b39fbde5c06d2b5ac027082217fb557673bd60d",
"target": {
"file": "src/mongo/db/pipeline/document_source_unwind.cpp"
}
},
{
"digest": {
"length": 229.0,
"function_hash": "158583053690993594079961819885580517603"
},
"id": "CVE-2025-3083-68b5792a",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/6b39fbde5c06d2b5ac027082217fb557673bd60d",
"target": {
"function": "DocumentSourceUnwind::Unwinder::Unwinder",
"file": "src/mongo/db/pipeline/document_source_unwind.cpp"
}
},
{
"digest": {
"length": 959.0,
"function_hash": "317059203157195173859428266013583839835"
},
"id": "CVE-2025-3083-98e95ab3",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/e8c5dca807cdfef1c9b3141c4c2bcd613d9700e7",
"target": {
"function": "ShardServerOpObserver::onCreateCollection",
"file": "src/mongo/db/s/shard_server_op_observer.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"338095024408874251521027627609623809923",
"19517780008182253857358285612128038534",
"95532667481650364120857114228697583222",
"224358683231941325215866037278555672552"
]
},
"id": "CVE-2025-3083-a50b1d1c",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/e8c5dca807cdfef1c9b3141c4c2bcd613d9700e7",
"target": {
"file": "src/mongo/db/s/shard_server_op_observer.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"22086865423945277420463346282675410359",
"230789960585398782210326326319515422235",
"248302116163759668327706100034840776012"
]
},
"id": "CVE-2025-3083-c5867b8d",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/6b39fbde5c06d2b5ac027082217fb557673bd60d",
"target": {
"file": "src/mongo/db/pipeline/document_source_unwind_test.cpp"
}
},
{
"digest": {
"length": 1055.0,
"function_hash": "178158968249656320450514116893340795177"
},
"id": "CVE-2025-3083-c61a0dde",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/6b39fbde5c06d2b5ac027082217fb557673bd60d",
"target": {
"function": "DocumentSourceUnwind::Unwinder::getNext",
"file": "src/mongo/db/pipeline/document_source_unwind.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"222656228999319984345615210932081431974",
"193954611145980170235708013613831262012",
"28258538037177236396132426160576990472",
"225632782582637378616067280143374015707",
"74892736587624400858128677358105557890",
"63274386290555953020237546162368808513"
]
},
"id": "CVE-2025-3083-e8342bcf",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/6b39fbde5c06d2b5ac027082217fb557673bd60d",
"target": {
"file": "src/mongo/db/pipeline/field_path.h"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"289615031260393640600166978000810598326",
"174263353031095360354811222590375994238",
"37893113743661401367433766006617245139",
"198144288324145422179690954053153156848",
"36736246737633378293539884485657169555",
"107960196219712511888740040531924676267",
"206814875902817473337604736024570314060",
"53794623527901874886021005038858917961",
"86216376997418627178498948009103823509",
"288140461283838078858484965111659814713",
"10494605545332134506779439480935528073",
"247093533371582096541006174949470880670",
"238562345504294130821711521928913826245",
"40087696666882332579116474790751576649",
"178274430025655671790804198721508786684",
"305981361343553242930562815423828793219",
"5425285738287593101438645327605096452",
"156448683704151910540358080284558968747",
"211541693896111393054536435571123395187",
"270125743232337666654344342259579419777",
"199307348140951533813034461210201531339",
"158338784605393838348032193174577480773",
"192065423660775606198050130755657769016",
"164808174757467748202056433614118846976",
"257873045955097889346597301578982132831",
"206036861653635625985012625410408853630",
"33564014120465565687393381457032042640",
"203221042432156515722803349853247916204",
"76821125106791797375526121394193145082",
"155500411777895219702765076758184467317"
]
},
"id": "CVE-2025-3083-f4e7f784",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/83c3f10433284e1296498e90d8e1439af951deec",
"target": {
"file": "src/mongo/bson/bsonelement.cpp"
}
}
]
vanir_signatures_modified
"2026-04-12T14:42:34Z"