CVE-2025-7259
Certain Queries with Duplicate _id Fields May Cause MongoDB Server to Crash
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version 8.1.0.
Un usuario autorizado puede ejecutar consultas con campos _id duplicados, lo que provoca un comportamiento inesperado en MongoDB Server y puede provocar un bloqueo. Este problema solo lo pueden activar usuarios autorizados y causa una denegaciĆ³n de servicio. Afecta a MongoDB Server v8.1 (versiĆ³n 8.1.0).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2025-07-07 CVE Reserved
- 2025-07-07 CVE Published
- 2025-07-07 CVE Updated
- 2025-07-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CAPEC
References (1)
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| MongoDB Inc Search vendor "MongoDB Inc" | MongoDB Server Search vendor "MongoDB Inc" for product "MongoDB Server" | 8.1.0 Search vendor "MongoDB Inc" for product "MongoDB Server" and version "8.1.0" | en |
Affected
| ||||||