| VID |
25418 |
| Severity |
40 |
| Port |
27017 |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
The version of MongoDB installed on the remote host is 5.0 prior to 5.0.31, 6.0 prior to 6.0.20 and 7.0 prior to 7.0.16. It is, therefore, affected by a vulnerability as referenced in the SERVER-103152 advisory.
- Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16 (CVE-2025-3083)
* References: https://jira.mongodb.org/browse/SERVER-103152 * Platforms Affected: MongoDB 5.0.x prior to 5.0.31 Any operating system Any version |
| Recommendation |
Upgrade to the latest version of MongoDB(5.0.31 later), available from the MongoDB Web page at https://www.mongodb.com/download-center/community |
| Related URL |
CVE-2025-3083 (CVE) |
| Related URL |
94929 (SecurityFocus) |
| Related URL |
(ISS) |
|