CVE-2025-10060
BaseFortify
Publication date: 2025-09-05
Last updated on: 2025-09-18
Assigner: MongoDB, Inc.
Description
MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints, potentially causing an invariant failure and server crash during commit. This issue may be triggered by improper WriteUnitOfWork state management. This issue affects MongoDB Server v6.0 versions prior to 6.0.25, MongoDB Server v7.0 versions prior to 7.0.22, and MongoDB Server v8.0 versions prior to 8.0.12.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mongodb | mongodb | From 8.1.0 (inc) to 8.1.2 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-672 | The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in MongoDB Server allows upsert operations retried within a transaction to violate unique index constraints. This can cause an invariant failure and lead to a server crash during the commit phase. The issue is due to improper management of the WriteUnitOfWork state.
How can this vulnerability impact me?
The vulnerability can cause the MongoDB server to crash during transaction commits, potentially leading to service disruption and loss of availability for applications relying on the database.