CVE-2025-13644
BaseFortify
Publication date: 2025-11-25
Last updated on: 2025-12-11
Assigner: MongoDB, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mongodb | mongodb | From 7.0.0 (inc) to 7.0.26 (exc) |
| mongodb | mongodb | From 8.0.0 (inc) to 8.0.13 (exc) |
| mongodb | mongodb | From 8.1.0 (inc) to 8.1.2 (exc) |
| mongodb | mongodb | 8.2.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in MongoDB Server during batched delete operations. The server incorrectly assumes that multiple documents are present in a batch based only on the document size exceeding BSONObjMaxSize, which can lead to an invariant failure.
How can this vulnerability impact me?
The vulnerability can cause an invariant failure in the MongoDB Server during batched delete operations, potentially leading to denial of service or server instability. This could disrupt database operations and availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade MongoDB Server to version 7.0.26 or later, 8.0.13 or later, or 8.1.2 or later, depending on your current version series.