CVE-2025-12657
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-03
Last updated on: 2025-12-12
Assigner: MongoDB, Inc.
Description
Description
The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mongodb | mongodb | From 6.0.0 (inc) to 7.0.22 (exc) |
| mongodb | mongodb | From 8.0.0 (inc) to 8.0.10 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-754 | The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the KMIP response parser in mongo binaries being overly tolerant of certain malformed packets, which can cause it to parse these packets into invalid objects. Subsequent reads of these invalid objects may lead to read access violations.
How can this vulnerability impact me? :
The vulnerability can lead to read access violations when the system processes malformed KMIP response packets. This could potentially cause application crashes or instability, impacting availability.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70