CVE-2025-7259

{"id": "CVE-2025-7259", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@mongodb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-07-07T16:15:30.440", "references": [{"url": "https://jira.mongodb.org/browse/SERVER-102693", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "cna@mongodb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cna@mongodb.com", "description": [{"lang": "en", "value": "CWE-843"}]}], "descriptions": [{"lang": "en", "value": "An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version 8.1.0."}, {"lang": "es", "value": "Un usuario autorizado puede ejecutar consultas con campos _id duplicados, lo que provoca un comportamiento inesperado en MongoDB Server y puede provocar un bloqueo. Este problema solo lo pueden activar usuarios autorizados y causa una denegaci\u00f3n de servicio. Afecta a MongoDB Server v8.1 (versi\u00f3n 8.1.0)."}], "lastModified": "2025-10-03T20:50:32.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mongodb:mongodb:8.1.0:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "2B69D4C3-39E0-4081-B669-87838A839F51"}], "operator": "OR"}]}], "sourceIdentifier": "cna@mongodb.com"}