Description

An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This vulnerability could lead to denial of service if triggered repeatedly. This issue affects MongoDB Server v6.0 versions prior to 6.0.25, MongoDB Server v7.0 versions prior to 7.0.22, MongoDB Server v8.0 versions prior to 8.0.12 and MongoDB Server v8.1 versions prior to 8.1.2

INFO

Published Date :

2025-09-05T20:48:25.215Z

Last Modified :

2025-09-05T21:08:44.186Z

Source :

mongodb
AFFECTED PRODUCTS

The following products are affected by CVE-2025-10061 vulnerability.

Vendors Products
Mongodb
  • Mongodb
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-10061.

URL Resource
https://jira.mongodb.org/browse/SERVER-99616 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact