Description

An authorized user may crash the MongoDB server by causing buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some conditions. This issue affects MongoDB Server v7.0 versions prior to 7.0.25, MongoDB Server v8.0 versions prior to 8.0.15, and MongoDB Server version 8.2.0.

Remediation

References

CVE-2025-11979

Related Vulnerabilities

WordPress Plugin Rich Reviews Multiple Vulnerabilities (1.7.3)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-1318)

IBM WebSEAL Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-4660)

e107 Other Vulnerability (CVE-2004-2039)

Serendipity Improper Access Control Vulnerability (CVE-2016-10082)

Severity

Medium

Classification

CVE-2025-11979 CWE-416 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities