{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3083", "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "state": "PUBLISHED", "assignerShortName": "mongodb", "dateReserved": "2025-04-01T08:58:57.864Z", "datePublished": "2025-04-01T11:12:31.268Z", "dateUpdated": "2025-04-01T13:18:48.632Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:mongodb:mongodb:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.15:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "MongoDB Server", "vendor": "MongoDB Inc", "versions": [{"lessThan": "5.0.31", "status": "affected", "version": "5.0", "versionType": "custom"}, {"lessThan": "6.0.20", "status": "affected", "version": "6.0", "versionType": "custom"}, {"lessThan": "7.0.16", "status": "affected", "version": "7.0.", "versionType": "custom"}]}], "datePublic": "2025-04-01T11:10:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, &nbsp;MongoDB v6.0 versions prior to&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">6.0.20 and MongoDB v7.0 versions prior to 7.0.16</span><br>"}], "value": "Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, \u00a0MongoDB v6.0 versions prior to\u00a06.0.20 and MongoDB v7.0 versions prior to 7.0.16"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-248", "description": "CWE-248: Uncaught Exception", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "shortName": "mongodb", "dateUpdated": "2025-04-01T11:12:31.268Z"}, "references": [{"url": "https://jira.mongodb.org/browse/SERVER-103152"}], "source": {"discovery": "EXTERNAL"}, "title": "Malformed MongoDB wire protocol messages may cause mongos to crash", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-01T13:11:21.374450Z", "id": "CVE-2025-3083", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-01T13:18:48.632Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3083", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-01T13:11:21.374450Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-01T13:11:28.085Z"}}], "cna": {"title": "Malformed MongoDB wire protocol messages may cause mongos to crash", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:mongodb:mongodb:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.15:*:*:*:*:*:*:*"], "vendor": "MongoDB Inc", "product": "MongoDB Server", "versions": [{"status": "affected", "version": "5.0", "lessThan": "5.0.31", "versionType": "custom"}, {"status": "affected", "version": "6.0", "lessThan": "6.0.20", "versionType": "custom"}, {"status": "affected", "version": "7.0.", "lessThan": "7.0.16", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2025-04-01T11:10:00.000Z", "references": [{"url": "https://jira.mongodb.org/browse/SERVER-103152"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, \u00a0MongoDB v6.0 versions prior to\u00a06.0.20 and MongoDB v7.0 versions prior to 7.0.16", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, &nbsp;MongoDB v6.0 versions prior to&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">6.0.20 and MongoDB v7.0 versions prior to 7.0.16</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-248", "description": "CWE-248: Uncaught Exception"}]}], "providerMetadata": {"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "shortName": "mongodb", "dateUpdated": "2025-04-01T11:12:31.268Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3083", "state": "PUBLISHED", "dateUpdated": "2025-04-01T13:18:48.632Z", "dateReserved": "2025-04-01T08:58:57.864Z", "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "datePublished": "2025-04-01T11:12:31.268Z", "assignerShortName": "mongodb"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "matchCriteriaId": "66128ED7-B1B4-44B8-9295-D27461F161EA", "versionEndExcluding": "5.0.31", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "matchCriteriaId": "F398EABB-311B-4726-A414-537D4EEE1A26", "versionEndExcluding": "6.0.20", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "matchCriteriaId": "E95B2F98-7920-4A34-8E4F-F01DB87A76FA", "versionEndExcluding": "7.0.16", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, \u00a0MongoDB v6.0 versions prior to\u00a06.0.20 and MongoDB v7.0 versions prior to 7.0.16"}, {"lang": "es", "value": "Los mensajes de protocolo de conexi\u00f3n MongoDB manipulados espec\u00edficamente pueden provocar el bloqueo de MongoDB durante la validaci\u00f3n de comandos. Esto puede ocurrir sin usar una conexi\u00f3n autenticada. Este problema afecta a MongoDB v5.0 anteriores a la 5.0.31, MongoDB v6.0 anteriores a la 6.0.20 y MongoDB v7.0 anteriores a la 7.0.16."}], "id": "CVE-2025-3083", "lastModified": "2025-09-22T14:15:59.510", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cna@mongodb.com", "type": "Secondary"}]}, "published": "2025-04-01T12:15:15.883", "references": [{"source": "cna@mongodb.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.mongodb.org/browse/SERVER-103152"}], "sourceIdentifier": "cna@mongodb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-248"}], "source": "cna@mongodb.com", "type": "Secondary"}]}

{}

{}