CVE-2025-23061

Published Jan 15, 2025

Overview

Description
Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900.
Source: cve@mitre.org
NVD status: Received

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.0
Impact score: 6.0
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

CWE-94 (assigned by cve@mitre.org)

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. Critical vulnerabilities (CVE-2024-53900, CVE-2025-23061) found in Mongoose ODM can lead to data theft and RCE for MongoDB apps. Patches released, upgrades recommended. ⚠️🔒 #MongoDB #DataSecurity #USA link: https://t.co/WhUM0A40IJ https://t.co/EaWm2TDd2k

    @TweetThreatNews

    21 Feb 2025

    18 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-53900 and CVE-2025-23061 give me a massive sense of déjà vu. Specifically, TSG CTF 2023.

    @st98_

    26 Jan 2025

    1567 Impressions

    0 Retweets

    17 Likes

    8 Bookmarks

    0 Replies

    1 Quote

  3. Threat Alert: Critical MongoDB Vulnerability: Search Injection Flaw Affects Millions of Apps CVE-2025-23061 CVE-2024-53900 Severity: 🔴 High Maturity: 🧨 Trending Learn more: https://t.co/tShbo0HeUj #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    22 Jan 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨Alert🚨 CVE-2025-23061: Mongoose search injection https://t.co/9LI4IbCQqS affects versions before 8.9.5. 📊 2.7K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/J140o6Nxht 👇Query HUNTER : https://t.co/q9rtuGfZuz="mongoose.js"… https://t.co

    @HunterMapping

    21 Jan 2025

    1138 Impressions

    0 Retweets

    6 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  5. ⚠️ A critical flaw in Mongoose (CVE-2025-23061) exposes millions to search injection attacks! Affects versions < 8.9.5 due to nested filter issues. Upgrade to protect data! 🔒 #Mongoose #DatabaseSecurity #USA link: https://t.co/6ZZqnwb02n https://t.co/dwPa02EILq

    @TweetThreatNews

    20 Jan 2025

    37 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-2306 (CVSS 9.0): Mongoose Flaw Leaves Millions of Downloads Exposed to Search Injection Discover the details of CVE-2025-23061. Understand the potential risks it poses to #MongoDB database interactions and how to protect your application https://t.co/Rsw8xQu5sD

    @the_yellow_fall

    20 Jan 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. I'm calm Mongoose search injection vulnerability · CVE-2025-23061 · GitHub Advisory Database https://t.co/NMZ5huXPDO

    @kucukaslancomtr

    17 Jan 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. CVE-2025-23061 Search Injection Vulnerability in Mongoose Versions Below 8.9.5 https://t.co/F0JBTaM764 Vulnerability Notification: https://t.co/xhLrNnfyrO

    @VulmonFeeds

    15 Jan 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes