CVE-2025-11979

Use-after-free in the MongoDB server query planner may lead to crash or undefined behavior

Description

An authorized user may crash the MongoDB server by causing buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some conditions. This issue affects MongoDB Server v7.0 versions prior to 7.0.25, MongoDB Server v8.0 versions prior to 8.0.15, and MongoDB Server version 8.2.0.

INFO

Published Date :

2025-10-20T17:47:57.947Z

Last Modified :

2025-10-20T20:21:27.265Z

Source :

mongodb

AFFECTED PRODUCTS

The following products are affected by CVE-2025-11979 vulnerability.

Vendors	Products
Mongodb	Mongodb

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-11979.

URL	Resource
https://jira.mongodb.org/browse/SERVER-105873

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact