CVE-2025-13644
CVE-2025-13644 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. MongoDB Server may experience an invariant failure during batched delete operations when handling documents. The issue arises when the server mistakenly assumes the presence of multiple documents in a batch based solely on document size exceeding BSONObjMaxSize. EPSS estimates a 0.25% chance of exploitation in the next 30 days.
Description
MongoDB Server may experience an invariant failure during batched delete operations when handling documents. The issue arises when the server mistakenly assumes the presence of multiple documents in a batch based solely on document size exceeding BSONObjMaxSize. This issue affects MongoDB Server v7.0 versions prior to 7.0.26, MongoDB Server v8.0 versions prior to 8.0.13, and MongoDB Server v8.1 versions prior to 8.1.2.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Mongodb | Mongodb | >= 7.0.0, < 7.0.26 | — |
| Mongodb | Mongodb | >= 8.0.0, < 8.0.13 | — |
| Mongodb | Mongodb | >= 8.1.0, < 8.1.2 | — |
| Mongodb | Mongodb | 8.2.0 | Alpha |
References
- https://jira.mongodb.org/browse/SERVER-101180 (Vendor Advisory)
Source: NVD / NIST
