MongoDB may be susceptible to Invariant Failure due to batched...

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Description

MongoDB Server may experience an invariant failure during batched delete operations when handling documents. The issue arises when the server mistakenly assumes the presence of multiple documents in a batch based solely on document size exceeding BSONObjMaxSize. This issue affects MongoDB Server v7.0 versions prior to 7.0.26, MongoDB Server v8.0 versions prior to 8.0.13, and MongoDB Server v8.1 versions prior to 8.1.2

Basic Information

ID CVE-2025-13644

Source mongodb

Published Nov 25, 2025 at 05:23

Affected Product

Vendor MongoDB Inc.

Product MongoDB Server

Version 8.0

Affected Versions MongoDB Inc. MongoDB Server 8.0
MongoDB Inc. MongoDB Server 7.0
MongoDB Inc. MongoDB Server 8.1

CWE Classification

CWE-617

References

jira.mongodb.org /browse/SERVER-101180

{
    "lastseen": "",
    "description": "MongoDB Server may experience an invariant failure during batched delete operations when handling documents. The issue arises when the server mistakenly assumes the presence of multiple documents in a batch based solely on document size exceeding BSONObjMaxSize. This issue affects MongoDB Server v7.0 versions prior to 7.0.26, MongoDB Server v8.0 versions prior to 8.0.13, and MongoDB Server v8.1 versions prior to 8.1.2",
    "published": "2025-11-25T05:23:12.317Z",
    "modified": "2025-11-25T05:23:12.317Z",
    "type": "cve",
    "title": "MongoDB may be susceptible to Invariant Failure due to batched delete",
    "source": "mongodb",
    "references": "https://jira.mongodb.org/browse/SERVER-101180",
    "id": "CVE-2025-13644",
    "bulletinFamily": "",
    "cwe": [
        "CWE-617"
    ],
    "cvelist": null,
    "sourceData": "MongoDB Inc. MongoDB Server 8.0\nMongoDB Inc. MongoDB Server 7.0\nMongoDB Inc. MongoDB Server 8.1",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MongoDB Server",
    "version": "8.0",
    "vendor": "MongoDB Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

MongoDB may be susceptible to Invariant Failure due to batched delete_CVE-2025-13644