CVE-2025-10059

MongoDB Server router will crash when incorrect lsid is set on a sharded query

Description

An improper setting of the lsid field on any sharded query can cause a crash in MongoDB routers. This issue occurs when a generic argument (lsid) is provided in a case when it is not applicable. This affects MongoDB Server v6.0 versions prior to 6.0.x, MongoDB Server v7.0 versions prior to 7.0.18 and MongoDB Server v8.0 versions prior to 8.0.6.

INFO

Published Date :

2025-09-05T20:26:52.612Z

Last Modified :

2025-09-05T20:44:22.665Z

Source :

mongodb

AFFECTED PRODUCTS

The following products are affected by CVE-2025-10059 vulnerability.

Vendors	Products
Mongodb	Mongodb

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-10059.

URL	Resource
https://jira.mongodb.org/browse/SERVER-100901
https://jira.mongodb.org/browse/SERVER-100909

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact