CVE-2025-0755

Published Mar 18, 2025

Last updated 18 days ago

Overview

Description
The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16.
Source: cna@mongodb.com
NVD status: Received

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.4
Impact score: 5.9
Exploitability score: 2.5
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

cna@mongodb.com
CWE-122

Social media

  1. MongoDB C Driver vulnerability CVE-2025-0755 is FIXED: buffer overflow and crash https://t.co/dcccPMAZTR A vulnerability with a CVSS score of 8.4 has been found in the MongoDB C Driver. Teams using it should take note. #CVE20250755 #MongoDB #MongoDBCDriver #OpenSource #Vulnerability

    @iototsecnews

    27 Mar 2025

  2. 🚨 CVE-2025-0755 🔴 HIGH (8.4) 🏢 MongoDB Inc - libbson 🏗️ 0 🔗 https://t.co/smYT4J8oFq #CyberCron #VulnAlert #InfoSec https://t.co/9Yrj7qHKCr

    @cybercronai

    18 Mar 2025

  3. ⚠️ Vulnerability Alert: MongoDB C Driver bson library buffer overflow 📅 Timeline: Disclosure: 2025-03-18, Patch: Not yet available 📌 Attribution: MongoDB Security Team 🆔cveId: CVE-2025-0755 📊baseScore: 8.4 📏cvssMetrics: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvssSeverity:…

    @syedaquib77

    18 Mar 2025

  4. New post from https://t.co/uXvPWJyEiR (CVE-2025-0755 | MongoDB libbson/Server bson_append functions heap-based overflow) has been published on https://t.co/xupwPqNwII

    @WolfgangSesin

    18 Mar 2025

  5. [CVE-2025-0755: HIGH] Vulnerable bson_append functions in MongoDB C driver library may lead to buffer overflows creating BSON docs exceeding size limits, causing crashes on MongoDB Server v8.0, v7.0 <1.27.5. #cybersecurity, #vulnerability https://t.co/5rpqS9maqz https://t.co/UCS

    @CveFindCom

    18 Mar 2025
