CVE-2025-23061

Published Jan 15, 2025

Last updated 3 months ago

Overview

Description
Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900.
Source
cve@mitre.org
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
9
Impact score
6
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

cve@mitre.org
CWE-94

Social media

Hype score
Not currently trending
  1. The 'Mongoose' ODM library for MongoDB poses serious threats when exposed, such as unauthorized access, data exfiltration and remote code execution. Continuous security checks with CTI and ASM, and how to prevent exploitation of CVE-2024-53900 and CVE-2025-23061: https://t.co/ITcv81mufe https://t.co/aokc6hXiLn

    @CriminalIP_AR

    21 Mar 2025

    38 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  2. Mongoose RCE vulnerabilities "CVE-2024-53900" & "CVE-2025-23061". "Mongoose", the ODM library for MongoDB, causes serious security threats such as unauthenticated access, data leakage and remote code execution when exposed externally. https://t.co/UjmRYzZVs3

    @CriminalIP_JP

    21 Mar 2025

    110 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  3. Mongoose RCE vulnerabilities CVE-2024-53900 & CVE-2025-23061. MongoDB's ODM library "Mongoose" causes serious security threats such as unauthenticated access, data leakage and remote code execution when exposed externally. See how to continuously check your security posture with CTI and ASM and how to prevent attacks: https://t.co/Tbl6kf4wW4 https://t.co/G7w2V3Suey

    @CriminalIP_KR

    21 Mar 2025

    73 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Mongoose RCE Vulnerabilities: CVE-2024-53900 & CVE-2025-23061 The Mongoose ODM library for MongoDB creates significant security risks when exposed, enabling unauthenticated access, data leakage, and remote code execution. Learn more about proactive security checks and how to

    @CriminalIP_US

    20 Mar 2025

    85 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🟡Critical MongoDB Vulnerabilities Two severe flaws (CVE-2024-53900 & CVE-2025-23061) in the Mongoose library enable data theft & remote code execution. Patch immediately to v8.9.5. Unpatched systems remain at risk. 🔗https://t.co/lmI3WLb7K1 #CyberSecurity #MongoDB #I

    @Osec__

    5 Mar 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Critical vulnerabilities (CVE-2024-53900, CVE-2025-23061) found in Mongoose ODM can lead to data theft and RCE for MongoDB apps. Patches released, upgrades recommended. ⚠️🔒 #MongoDB #DataSecurity #USA link: https://t.co/WhUM0A40IJ https://t.co/EaWm2TDd2k

    @TweetThreatNews

    21 Feb 2025

    18 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2024-53900 and CVE-2025-23061 feel extremely familiar. Specifically, TSG CTF 2023.

    @st98_

    26 Jan 2025

    1567 Impressions

    0 Retweets

    17 Likes

    8 Bookmarks

    0 Replies

    1 Quote

  8. Threat Alert: Critical MongoDB Vulnerability: Search Injection Flaw Affects Millions of Apps CVE-2025-23061 CVE-2024-53900 Severity: 🔴 High Maturity: 🧨 Trending Learn more: https://t.co/tShbo0HeUj #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    22 Jan 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨Alert🚨 CVE-2025-23061: Mongoose search injection https://t.co/9LI4IbCQqS affects versions before 8.9.5. 📊 2.7K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/J140o6Nxht 👇Query HUNTER : https://t.co/q9rtuGfZuz="mongoose.js"… https://t.co

    @HunterMapping

    21 Jan 2025

    1138 Impressions

    0 Retweets

    6 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  10. ⚠️ A critical flaw in Mongoose (CVE-2025-23061) exposes millions to search injection attacks! Affects versions < 8.9.5 due to nested filter issues. Upgrade to protect data! 🔒 #Mongoose #DatabaseSecurity #USA link: https://t.co/6ZZqnwb02n https://t.co/dwPa02EILq

    @TweetThreatNews

    20 Jan 2025

    37 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2025-2306 (CVSS 9.0): Mongoose Flaw Leaves Millions of Downloads Exposed to Search Injection Discover the details of CVE-2025-23061. Understand the potential risks it poses to #MongoDB database interactions and how to protect your application https://t.co/Rsw8xQu5sD

    @the_yellow_fall

    20 Jan 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. I'm calm Mongoose search injection vulnerability · CVE-2025-23061 · GitHub Advisory Database https://t.co/NMZ5huXPDO

    @kucukaslancomtr

    17 Jan 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. CVE-2025-23061 Search Injection Vulnerability in Mongoose Versions Below 8.9.5 https://t.co/F0JBTaM764 Vulnerability Notification: https://t.co/xhLrNnfyrO

    @VulmonFeeds

    15 Jan 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes