CVE-2025-12119
BaseFortify
Publication date: 2025-11-18
Last updated on: 2025-12-08
Assigner: MongoDB, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mongodb | c_driver | From 1.9.0 (inc) to 1.30.6 (exc) |
| mongodb | c_driver | From 2.0.0 (inc) to 2.1.2 (exc) |
| mongodb | php_driver | to 1.21.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-825 | The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the mongoc_bulk_operation_t component, which may read invalid memory when large options are passed to it. This can lead to unexpected behavior or potential security issues due to improper memory handling.
How can this vulnerability impact me? :
The vulnerability can impact you by causing the application using mongoc_bulk_operation_t to read invalid memory, which may lead to data corruption, crashes, or potential exposure of sensitive information. The CVSS score indicates a high confidentiality impact and low availability impact, meaning sensitive data could be at risk.