CVE-2025-7259

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-7259

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7259.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-7259

Aliases

BIT-mongodb-2025-7259

Downstream

UBUNTU-CVE-2025-7259

Published

2025-07-07T16:15:30.440Z

Modified

2026-04-10T05:35:47.705887Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version 8.1.0.

References

https://jira.mongodb.org/browse/SERVER-102693

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type

GIT

Repo

https://github.com/mongodb/mongo

Events

Introduced

Last affected

b6da7e2baf4c9d2732dca1f85e9204a9f5813922

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.1.0"
        }
    ]
}

Affected versions

0.*

0.9.1

1.*

1.7-cut

r0.*

r0.0.3

r0.0.4_rc1

r0.0.6_rc1

r0.0.7_rc1

r0.0.7_rc2

r0.0.7_rc3

r0.0.7_rc4

r0.0.9_rc1

r0.1.0_rc1

r0.1.2_rc1

r0.1.3_rc1

r0.1.4_rc1

r0.1.5_rc1

r0.1.6_rc1

r0.2.1

r0.9.1

r0.9.10

r0.9.5

r0.9.6

r0.9.8

r0.9.9

r1.*

r1.1.1

r1.1.3

r1.3.0

r1.3.4

r1.5.0

r1.5.1

r1.5.2

r1.5.5

r1.5.6

r1.7.5

r1.7.6

r1.8.0-rc0

r2.*

r2.1.1

r2.1.2

r2.2.0-rc0

r2.3.1

r2.3.2

r2.4.0-rc0

r2.4.0-rc1

r2.4.0-rc2

r2.4.0.rc1

r2.5.1

r2.5.2

r2.5.3

r2.5.4

r2.5.5

r2.6.0-rc0

r2.6.0-rc1

r2.7.0

r2.7.1

r2.7.2

r2.7.3

r2.7.4

r2.7.5

r2.7.6

r2.7.7

r2.7.8

r2.8.0-rc0

r2.8.0-rc1

r2.8.0-rc2

r2.8.0-rc3

r2.8.0-rc4

r2.8.0-rc5

r3.*

r3.1.0

r3.1.1

r3.1.2

r3.1.3

r3.1.4

r3.1.5

r3.1.6

r3.1.7

r3.1.8

r3.1.9

r3.2.0

r3.2.0-rc0

r3.2.0-rc1

r3.2.0-rc2

r3.2.0-rc3

r3.2.0-rc4

r3.2.0-rc5

r3.2.0-rc6

r3.3.0

r3.3.1

r3.3.10

r3.3.11

r3.3.12

r3.3.13

r3.3.14

r3.3.15

r3.3.2

r3.3.3

r3.3.4

r3.3.5

r3.3.6

r3.3.7

r3.3.8

r3.3.9

r3.4.0-rc0

r3.4.0-rc1

r3.4.0-rc2

r3.4.0-rc3

r3.5.0

r3.5.1

r3.5.10

r3.5.11

r3.5.12

r3.5.13

r3.5.2

r3.5.3

r3.5.4

r3.5.5

r3.5.6

r3.5.7

r3.5.8

r3.5.9

r3.6.0-rc0

r3.6.0-rc1

r3.6.0-rc2

r3.6.0-rc3

r3.6.0-rc4

r3.7.0

r3.7.1

r3.7.2

r3.7.3

r3.7.4

r3.7.5

r3.7.6

r3.7.7

r3.7.8

r3.7.9

r4.*

r4.0.0-rc0

r4.1.0

r4.1.1

r4.1.10

r4.1.11

r4.1.12

r4.1.13

r4.1.2

r4.1.3

r4.1.4

r4.1.5

r4.1.6

r4.1.7

r4.1.8

r4.1.9

r4.3.0

r4.3.1

r4.3.2

r4.3.3

r4.3.4

r4.5.0

r4.8.0-alpha

r4.9.0-alpha

r4.9.0-alpha0

r4.9.0-alpha1

r4.9.0-alpha2

r4.9.0-alpha3

r4.9.0-alpha4

r4.9.0-alpha5

r4.9.0-alpha6

r4.9.0-alpha7

r5.*

r5.0.0-alpha

r5.0.0-alpha0

r5.1.0-alpha

r5.2.0-alpha

r5.3.0-alpha

r5.3.0-alpha0

r5.3.0-alpha1

r5.3.0-alpha2

r5.3.0-alpha3

r5.3.0-alpha4

r6.*

r6.0.0-alpha

r6.0.0-alpha0

r6.0.0-alpha1

r6.1.0-alpha

r6.2.0-alpha

r6.3.0-alpha

r6.3.0-alpha0

r6.3.0-rc0

r7.*

r7.0.0-alpha

r7.0.0-alpha0

r7.1.0-alpha

r7.1.0-alpha0

r7.2.0-alpha

r7.2.0-alpha0

r7.3.0-alpha

r7.3.0-alpha0

r7.3.0-alpha1

r7.3.0-rc0

r8.*

r8.0.0-alpha

r8.0.0-alpha0

r8.0.0-alpha1

r8.0.0-alpha2

r8.1.0

r8.1.0-alpha

r8.1.0-alpha0

r8.1.0-alpha1

r8.1.0-alpha2

r8.1.0-alpha3

r8.1.0-rc0

r8.1.0-rc1

r8.1.0-rc2

r8.1.0-rc3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7259.json"