MongoDB may be susceptible to Invariant Failure in Transactions due...

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Description

MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints, potentially causing an invariant failure and server crash during commit. This issue may be triggered by improper WriteUnitOfWork state management. This issue affects MongoDB Server v6.0 versions prior to 6.0.25, MongoDB Server v7.0 versions prior to 7.0.22 and MongoDB Server v8.0 versions prior to 8.0.12

Basic Information

ID CVE-2025-10060

Source mongodb

Published Sep 5, 2025 at 20:39

Affected Product

Vendor MongoDB Inc

Product MongoDB Server

Version 6.0

Affected Versions MongoDB Inc MongoDB Server 6.0
MongoDB Inc MongoDB Server 7.0
MongoDB Inc MongoDB Server 8.0

CWE Classification

CWE-672

References

jira.mongodb.org /browse/SERVER-95524

{
    "lastseen": "",
    "description": "MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints, potentially causing an invariant failure and server crash during commit. This issue may be triggered by improper WriteUnitOfWork state management.  This issue affects MongoDB Server v6.0 versions prior to 6.0.25, MongoDB Server v7.0 versions prior to 7.0.22 and MongoDB Server v8.0 versions prior to 8.0.12",
    "published": "2025-09-05T20:39:14.188Z",
    "modified": "2025-09-05T20:39:14.188Z",
    "type": "cve",
    "title": "MongoDB may be susceptible to Invariant Failure in Transactions due Upsert Operation",
    "source": "mongodb",
    "references": "https://jira.mongodb.org/browse/SERVER-95524",
    "id": "CVE-2025-10060",
    "bulletinFamily": "",
    "cwe": [
        "CWE-672"
    ],
    "cvelist": null,
    "sourceData": "MongoDB Inc MongoDB Server 6.0\nMongoDB Inc MongoDB Server 7.0\nMongoDB Inc MongoDB Server 8.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MongoDB Server",
    "version": "6.0",
    "vendor": "MongoDB Inc",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

MongoDB may be susceptible to Invariant Failure in Transactions due Upsert Operation_CVE-2025-10060