CVE-2025-3083

Malformed MongoDB wire protocol messages may cause mongos to crash

Description

Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16

INFO

Published Date :

2025-04-01T11:12:31.268Z

Last Modified :

2025-04-01T13:18:48.632Z

Source :

mongodb

AFFECTED PRODUCTS

The following products are affected by CVE-2025-3083 vulnerability.

Vendors	Products
Mongodb	Mongodb

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-3083.

URL	Resource
https://jira.mongodb.org/browse/SERVER-103152

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact