CVE-2025-7259

Source
https://cve.org/CVERecord?id=CVE-2025-7259
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7259.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-7259
Aliases
Downstream
Published
2025-07-07T15:59:01.902Z
Modified
2026-07-15T01:49:16.510529984Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Certain Queries with Duplicate _id Fields May Cause MongoDB Server to Crash
Details

An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version 8.1.0.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/7xxx/CVE-2025-7259.json",
    "cwe_ids": [
        "CWE-843"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "8.1"
                },
                {
                    "last_affected": "8.1.0"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "mongodb"
}
References

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type
GIT
Repo
https://github.com/mongodb/mongo
Events
Database specific
{
    "cpe": "cpe:2.3:a:mongodb:mongodb:8.1.0:*:*:*:-:*:*:*",
    "source": "CPE_STRING",
    "extracted_events": [
        {
            "introduced": "8.1.0"
        },
        {
            "last_affected": "8.1.0"
        }
    ]
}

Affected versions

8.*
8.1.0
r8.*
r8.1.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7259.json"