CVE-2025-10060

MongoDB may be susceptible to Invariant Failure in Transactions due Upsert Operation

Description

MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints, potentially causing an invariant failure and server crash during commit. This issue may be triggered by improper WriteUnitOfWork state management. This issue affects MongoDB Server v6.0 versions prior to 6.0.25, MongoDB Server v7.0 versions prior to 7.0.22 and MongoDB Server v8.0 versions prior to 8.0.12

INFO

Published Date :

2025-09-05T20:39:14.188Z

Last Modified :

2025-09-05T21:08:05.687Z

Source :

mongodb

AFFECTED PRODUCTS

The following products are affected by CVE-2025-10060 vulnerability.

Vendors	Products
Mongodb	Mongodb

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-10060.

URL	Resource
https://jira.mongodb.org/browse/SERVER-95524

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact