CVE-2025-3083

Published Apr 1, 2025

Last updated 3 days ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-3083 affects MongoDB. Specifically crafted MongoDB wire protocol messages can cause `mongos` to crash during command validation, and the crash can be triggered without an authenticated connection. The vulnerability impacts MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20, and MongoDB v7.0 versions prior to 7.0.16. To remediate, upgrade to 5.0.31, 6.0.20 or 7.0.16 (or a later release in the same series). Because no credentials are needed, the exposure is any network path that can reach the `mongos` listening port; the impact is availability only (the CVSS 3.1 vector below is AV:N/PR:N with A:H and no confidentiality or integrity impact).

Description
Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16.
Source
cna@mongodb.com
NVD status
Awaiting Analysis
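The practical first step is to find out whether each `mongos` you operate is in an affected range. The following is an added example (not code from MongoDB or from this page) that does that in two layers: a version-range check built from the fixed versions the advisory lists (5.0.31, 6.0.20, 7.0.16), and a minimal OP_MSG/BSON encoder and decoder that sends `buildInfo`, a command a MongoDB server answers before authentication, so the version can be read over the same unauthenticated wire protocol the advisory concerns. The function names (`is_affected`, `build_info_request`, `classify_reply`, `fetch_and_classify`) are this example's own; `fetch_and_classify` assumes a plain TCP listener without TLS. Release series the advisory does not name (4.4, 8.0, ...) are reported as unclassified rather than as safe. The example fingerprints versions only; it does not reproduce the crafted messages, which the page does not describe.

```python
import struct

OP_MSG = 2013  # opcode of OP_MSG, the wire protocol message type used since MongoDB 3.6
# First fixed version of each series the advisory names; other series (4.4, 8.0, ...) are not classified.
FIXED = {(5, 0): (5, 0, 31), (6, 0): (6, 0, 20), (7, 0): (7, 0, 16)}
SCALARS = {0x01: "<d", 0x10: "<i", 0x11: "<Q", 0x12: "<q"}  # BSON double, int32, timestamp, int64

def parse_version(s):
    """'7.0.16-rc0' -> ((7, 0, 16), True); the flag marks a pre-release suffix."""
    core, _, suffix = s.partition("-")
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised MongoDB version string: {s!r}")
    return tuple(int(p) for p in parts), bool(suffix)

def is_affected(version_str):
    """True/False for the 5.0, 6.0 and 7.0 series; None for series the advisory does not mention."""
    v, prerelease = parse_version(version_str)
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return None
    return v < fixed or (v == fixed and prerelease)  # 7.0.16-rc0 still precedes the 7.0.16 fix

def bson_encode(doc):
    """Minimal BSON encoder (int32, double, str values): enough for a command document."""
    body = b""
    for key, val in doc.items():
        name = key.encode("utf-8") + b"\x00"  # cstring key; keys here come from our own dicts
        if isinstance(val, bool) or not isinstance(val, (int, float, str)):
            raise TypeError(f"unsupported value for key {key!r}")
        if isinstance(val, int):
            body += b"\x10" + name + struct.pack("<i", val)
        elif isinstance(val, float):
            body += b"\x01" + name + struct.pack("<d", val)
        else:
            sb = val.encode("utf-8") + b"\x00"
            body += b"\x02" + name + struct.pack("<i", len(sb)) + sb
    return struct.pack("<i", len(body) + 5) + body + b"\x00"

def bson_decode(buf):
    """Minimal BSON decoder covering the types a buildInfo reply uses; fails loudly on others."""
    if len(buf) < 5 or struct.unpack_from("<i", buf, 0)[0] != len(buf) or buf[-1] != 0:
        raise ValueError("malformed BSON document")
    doc, pos = {}, 4
    while buf[pos] != 0:
        t, end = buf[pos], buf.index(b"\x00", pos + 1)
        key, pos = buf[pos + 1:end].decode("utf-8"), end + 1
        if t in SCALARS:
            fmt = SCALARS[t]
            val, pos = struct.unpack_from(fmt, buf, pos)[0], pos + struct.calcsize(fmt)
        elif t == 0x02:          # string: int32 length (includes the NUL) + bytes
            n = struct.unpack_from("<i", buf, pos)[0]
            val, pos = buf[pos + 4:pos + 3 + n].decode("utf-8"), pos + 4 + n
        elif t in (0x03, 0x04):  # embedded document / array (array keys are "0", "1", ...)
            n = struct.unpack_from("<i", buf, pos)[0]
            val, pos = bson_decode(buf[pos:pos + n]), pos + n
        elif t == 0x05:          # binary: int32 length + subtype byte + bytes
            n = struct.unpack_from("<i", buf, pos)[0]
            val, pos = bytes(buf[pos + 5:pos + 5 + n]), pos + 5 + n
        elif t == 0x08:          # bool
            val, pos = buf[pos] == 1, pos + 1
        else:
            raise ValueError(f"unsupported BSON type 0x{t:02x} for key {key!r}")
        doc[key] = val
    return doc

def build_op_msg(command, request_id=1, response_to=0):
    """Wrap a command document in an OP_MSG with flagBits = 0 and one kind-0 body section."""
    payload = struct.pack("<I", 0) + b"\x00" + bson_encode(command)
    return struct.pack("<iiii", 16 + len(payload), request_id, response_to, OP_MSG) + payload

def parse_op_msg(msg):
    """Return (header fields, body document) of an OP_MSG whose first section is kind 0."""
    hdr = struct.unpack_from("<iiii", msg, 0) if len(msg) >= 26 else None  # length, requestID, responseTo, opCode
    if hdr is None or hdr[0] != len(msg) or hdr[3] != OP_MSG or msg[20] != 0:
        raise ValueError("not a complete OP_MSG with a kind-0 body section")
    doc_len = struct.unpack_from("<i", msg, 21)[0]
    header = {"request_id": hdr[1], "response_to": hdr[2], "flag_bits": struct.unpack_from("<I", msg, 16)[0]}
    return header, bson_decode(msg[21:21 + doc_len])

def build_info_request():
    """buildInfo is answered before authentication, so it fingerprints a mongos pre-login."""
    return build_op_msg({"buildInfo": 1, "$db": "admin"})

def classify_reply(reply):
    """Decode a buildInfo reply and return (version string, is_affected result)."""
    _, doc = parse_op_msg(reply)
    if doc.get("ok") != 1.0:
        raise ValueError(f"buildInfo failed: {doc}")
    return doc["version"], is_affected(doc["version"])

def fetch_and_classify(host, port=27017, timeout=5.0):
    """Query a live mongos/mongod over plain TCP (no TLS) and classify its reported version."""
    import socket
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_info_request())
        buf = b""
        while len(buf) < 4 or len(buf) < struct.unpack_from("<i", buf, 0)[0]:
            chunk = s.recv(65536)
            if not chunk:
                raise ConnectionError("connection closed before a full reply arrived")
            buf += chunk
    return classify_reply(buf)
```

Offline, `classify_reply(build_op_msg({"version": "7.0.15", "ok": 1.0}, response_to=1))` returns `('7.0.15', True)` for a constructed reply; against a running router, `fetch_and_classify("mongos.example.internal")` sends the real request. A `None` result means the series is outside what the advisory names and needs a separate decision, and a decoder error on a real reply means the server returned a BSON type the minimal decoder does not cover, not that the host is safe.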

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

cna@mongodb.com
CWE-248 (Uncaught Exception)

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1