Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 8.2.0-rc0, 8.1.1
Affects Version/s: None
Component/s: None
Labels:
None

Assigned Teams:

Query Execution
Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v8.1, v8.0
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

CVE ID:

CVE-2025-7259

Title:

Certain Queries with Duplicate _id Fields May Cause MongoDB Server to Crash

Description:

An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version 8.1.0.

CVSS Score:

6.5 - https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

List all affected product versions:

8.1.0

CWE:

CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

related to

SERVER-92488 Expand IDHACK eligibility to include {_id: {$eq: <val>}}

Closed

Assignee:: Projjal Chanda
Reporter:: Projjal Chanda
Participants:: Githook User, Projjal Chanda
Votes:: 0 Vote for this issue
Watchers:: 6 Start watching this issue

Created:: Mar 20 2025 07:09:14 PM UTC
Updated:: Jul 07 2025 03:58:49 PM UTC
Resolved:: Apr 04 2025 08:36:35 PM UTC
Confidence Status Last Update:: 21/Mar/25 3:01 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates