MongoDB Server router will crash when incorrect lsid is set...

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Description

An improper setting of the lsid field on any sharded query can cause a crash in MongoDB routers. This issue occurs when a generic argument (lsid) is provided in a case when it is not applicable. This affects MongoDB Server v6.0 versions prior to 6.0.x, MongoDB Server v7.0 versions prior to 7.0.18 and MongoDB Server v8.0 versions prior to 8.0.6.

Basic Information

ID CVE-2025-10059

Source mongodb

Published Sep 5, 2025 at 20:26

Modified Sep 5, 2025 at 20:44

Affected Product

Vendor MongoDB Inc

Product MongoDB Server

Version 6.0

Affected Versions MongoDB Inc MongoDB Server 6.0
MongoDB Inc MongoDB Server 7.0
MongoDB Inc MongoDB Server 8.0

CWE Classification

CWE-732

References

{
    "lastseen": "",
    "description": "An improper setting of the lsid field on any sharded query can cause a crash in MongoDB routers. This issue occurs when a generic argument (lsid) is provided in a case when it is not applicable. This affects MongoDB Server v6.0 versions prior to 6.0.x, MongoDB Server v7.0 versions prior to 7.0.18 and MongoDB Server v8.0 versions prior to 8.0.6.",
    "published": "2025-09-05T20:26:52.612Z",
    "modified": "2025-09-05T20:44:22.665Z",
    "type": "cve",
    "title": "MongoDB Server router will crash when incorrect lsid is set on a sharded query",
    "source": "mongodb",
    "references": "https://jira.mongodb.org/browse/SERVER-100901\nhttps://jira.mongodb.org/browse/SERVER-100909",
    "id": "CVE-2025-10059",
    "bulletinFamily": "",
    "cwe": [
        "CWE-732"
    ],
    "cvelist": null,
    "sourceData": "MongoDB Inc MongoDB Server 6.0\nMongoDB Inc MongoDB Server 7.0\nMongoDB Inc MongoDB Server 8.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MongoDB Server",
    "version": "6.0",
    "vendor": "MongoDB Inc",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

MongoDB Server router will crash when incorrect lsid is set on a sharded query_CVE-2025-10059