CVE-2025-3082

A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB Server v7.0 version prior to 7.0.14 and MongoDB Server v7.3 versions prior to 7.3.4.

CVSS v3 3.1 LOW

3.1^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.6 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://jira.mongodb.org/browse/SERVER-103151	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mongodb:mongodb::::::::
	cpe:2.3:a:mongodb:mongodb::::::::
	cpe:2.3:a:mongodb:mongodb::::::::
	cpe:2.3:a:mongodb:mongodb::::::::

History

22 Sep 2025, 14:20

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:mongodb:mongodb::::::::
First Time		Mongodb mongodb Mongodb
Summary		(es) Un usuario autorizado a acceder a una vista podría modificar la intercalación prevista, lo que le permitiría acceder a una vista diferente o no prevista de los datos subyacentes. Este problema afecta a MongoDB Server v5.0 (versión anterior a la 5.0.31), MongoDB Server v6.0 (versión anterior a la 6.0.20), MongoDB Server v7.0 (versión anterior a la 7.0.14) y MongoDB Server v7.3 (versión anterior a la 7.3.4).
References	~~() https://jira.mongodb.org/browse/SERVER-103151 -~~	() https://jira.mongodb.org/browse/SERVER-103151 - Issue Tracking, Vendor Advisory

01 Apr 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-01 11:15

Updated : 2025-09-22 14:20

NVD link : CVE-2025-3082

Mitre link : CVE-2025-3082

CVE.ORG link : CVE-2025-3082

JSON object : View

Products Affected

mongodb

mongodb

CWE

CWE-284

Improper Access Control

NVD-CWE-noinfo

{"id": "CVE-2025-3082", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@mongodb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2025-04-01T11:15:39.517", "references": [{"url": "https://jira.mongodb.org/browse/SERVER-103151", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "cna@mongodb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cna@mongodb.com", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB Server v7.0 version prior to 7.0.14 and MongoDB Server v7.3 versions prior to 7.3.4."}, {"lang": "es", "value": "Un usuario autorizado a acceder a una vista podr\u00eda modificar la intercalaci\u00f3n prevista, lo que le permitir\u00eda acceder a una vista diferente o no prevista de los datos subyacentes. Este problema afecta a MongoDB Server v5.0 (versi\u00f3n anterior a la 5.0.31), MongoDB Server v6.0 (versi\u00f3n anterior a la 6.0.20), MongoDB Server v7.0 (versi\u00f3n anterior a la 7.0.14) y MongoDB Server v7.3 (versi\u00f3n anterior a la 7.3.4)."}], "lastModified": "2025-09-22T14:20:22.647", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66128ED7-B1B4-44B8-9295-D27461F161EA", "versionEndExcluding": "5.0.31", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F398EABB-311B-4726-A414-537D4EEE1A26", "versionEndExcluding": "6.0.20", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3E56640-2252-4109-A935-37C865B6ECDA", "versionEndExcluding": "7.0.14", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E173464-B453-4415-B2EE-AD2244744113", "versionEndExcluding": "7.3.4", "versionStartIncluding": "7.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "cna@mongodb.com"}