Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MongoDb Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2025-7259)

Description

An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version 8.1.0.

Remediation

References

Related Vulnerabilities

WordPress Plugin WordPress Photo Gallery by Gallery Bank Cross-Site Scripting (3.0.69)

WordPress Plugin WooCommerce Blocks Security Bypass (3.7.0)

WordPress Plugin CodeArt-Google MP3 Player Arbitrary File Disclosure (1.0.11)

WordPress Plugin UserPro-Community and User Profile Multiple Vulnerabilities (5.1.4)

WordPress Plugin Post Custom Templates Lite Cross-Site Scripting (1.6)

Severity

Medium

Classification

CVE-2025-7259 CWE-843 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities