CVE-2025-3082

User may override a view's collation and gain unauthorized access to underlying data

Description

A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB Server v7.0 version prior to 7.0.14 and MongoDB Server v7.3 versions prior to 7.3.4.

INFO

Published Date :

2025-04-01T11:08:06.589Z

Last Modified :

2025-04-01T15:14:39.348Z

Source :

mongodb

AFFECTED PRODUCTS

The following products are affected by CVE-2025-3082 vulnerability.

Vendors	Products
Mongodb	Mongodb

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-3082.

URL	Resource
https://jira.mongodb.org/browse/SERVER-103151

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact