CVE-2025-3085

{"id": "CVE-2025-3085", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@mongodb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-04-01T12:15:16.187", "references": [{"url": "https://jira.mongodb.org/browse/SERVER-95445", "tags": ["Vendor Advisory"], "source": "cna@mongodb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cna@mongodb.com", "description": [{"lang": "en", "value": "CWE-299"}]}], "descriptions": [{"lang": "en", "value": "A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's certificate chain. In cases of MONGODB-X509, which is not enabled by default, this may lead to improper authentication. This issue may also affect intra-cluster authentication. This issue affects MongoDB Server v5.0 versions prior to 5.0.31, MongoDB Server v6.0 versions prior to 6.0.20, MongoDB Server v7.0 versions prior to 7.0.16 and MongoDB Server v8.0 versions prior to 8.0.4.\nRequired Configuration :\u00a0MongoDB Server must be running on Linux Operating Systems and CRL revocation status checking must be enabled"}, {"lang": "es", "value": "Un servidor MongoDB, en condiciones espec\u00edficas, que se ejecuta en Linux con la comprobaci\u00f3n del estado de revocaci\u00f3n de TLS y CRL habilitada, no comprueba el estado de revocaci\u00f3n de los certificados intermedios en la cadena de certificados del par. En casos de MONGODB-X509, que no est\u00e1 habilitado por defecto, esto puede provocar una autenticaci\u00f3n incorrecta. Este problema tambi\u00e9n puede afectar la autenticaci\u00f3n dentro del cl\u00faster. Este problema afecta a MongoDB Server v5.0 anteriores a la 5.0.31, MongoDB Server v6.0 anteriores a la 6.0.20, MongoDB Server v7.0 anteriores a la 7.0.16 y MongoDB Server v8.0 anteriores a la 8.0.4. Configuraci\u00f3n requerida: MongoDB Server debe ejecutarse en sistemas operativos Linux y la comprobaci\u00f3n del estado de revocaci\u00f3n de CRL debe estar habilitada."}], "lastModified": "2025-09-24T15:35:12.220", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66128ED7-B1B4-44B8-9295-D27461F161EA", "versionEndExcluding": "5.0.31", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F398EABB-311B-4726-A414-537D4EEE1A26", "versionEndExcluding": "6.0.20", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E95B2F98-7920-4A34-8E4F-F01DB87A76FA", "versionEndExcluding": "7.0.16", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02D4E4E5-38B7-4D78-9F60-AE11C2234307", "versionEndExcluding": "8.0.4", "versionStartIncluding": "8.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cna@mongodb.com"}