Vulnerability-Lookup

CVE-2025-0755 (GCVE-0-2025-0755)

Vulnerability from cvelistv5 – Published: 2025-03-18 09:01 – Updated: 2025-11-03 19:35

Title

MongoDB C Driver bson library may be susceptible to buffer overflow

Summary

The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16

Severity

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

mongodb

References

4 references

URL	Tags
https://jira.mongodb.org/browse/SERVER-94461
https://jira.mongodb.org/browse/CDRIVER-5601
https://lists.debian.org/debian-lts-announce/2025…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

2 products

Vendor	Product	Version
MongoDB Inc	libbson	Affected: 0 , < 1.27.5 (custom) cpe:2.3:a:mongodb:libbson:0.2.0:::::::* cpe:2.3:a:mongodb:libbson:0.2.2:::::::* cpe:2.3:a:mongodb:libbson:0.2.4:::::::* cpe:2.3:a:mongodb:libbson:0.4.0:::::::* cpe:2.3:a:mongodb:libbson:0.5.0:::::::* cpe:2.3:a:mongodb:libbson:0.6.0:::::::* cpe:2.3:a:mongodb:libbson:0.6.2:::::::* cpe:2.3:a:mongodb:libbson:0.6.4:::::::* cpe:2.3:a:mongodb:libbson:0.6.6:::::::* cpe:2.3:a:mongodb:libbson:0.6.8:::::::* cpe:2.3:a:mongodb:libbson:0.8.0:::::::* cpe:2.3:a:mongodb:libbson:0.8.2:::::::* cpe:2.3:a:mongodb:libbson:0.8.4:::::::* cpe:2.3:a:mongodb:libbson:0.98.0:::::::* cpe:2.3:a:mongodb:libbson:1.0.0:::::::* cpe:2.3:a:mongodb:libbson:1.0.2:::::::* cpe:2.3:a:mongodb:libbson:1.1.0:-:::::: cpe:2.3:a:mongodb:libbson:1.1.0:rc0:::::: cpe:2.3:a:mongodb:libbson:1.1.2:::::::* cpe:2.3:a:mongodb:libbson:1.1.4:::::::* cpe:2.3:a:mongodb:libbson:1.1.5:::::::* cpe:2.3:a:mongodb:libbson:1.1.6:::::::* cpe:2.3:a:mongodb:libbson:1.1.7:::::::* cpe:2.3:a:mongodb:libbson:1.1.8:::::::* cpe:2.3:a:mongodb:libbson:1.1.9:::::::* cpe:2.3:a:mongodb:libbson:1.1.10:::::::* cpe:2.3:a:mongodb:libbson:1.1.11:::::::* cpe:2.3:a:mongodb:libbson:1.2.0:-:::::: cpe:2.3:a:mongodb:libbson:1.2.0:beta1:::::: cpe:2.3:a:mongodb:libbson:1.2.0:rc0:::::: cpe:2.3:a:mongodb:libbson:1.2.1:::::::* cpe:2.3:a:mongodb:libbson:1.2.2:::::::* cpe:2.3:a:mongodb:libbson:1.2.3:::::::* cpe:2.3:a:mongodb:libbson:1.2.4:::::::* cpe:2.3:a:mongodb:libbson:1.3.0:-:::::: cpe:2.3:a:mongodb:libbson:1.3.0:beta0:::::: cpe:2.3:a:mongodb:libbson:1.3.0:rc0:::::: cpe:2.3:a:mongodb:libbson:1.3.1:::::::* cpe:2.3:a:mongodb:libbson:1.3.2:::::::* cpe:2.3:a:mongodb:libbson:1.3.3:::::::* cpe:2.3:a:mongodb:libbson:1.3.4:::::::* cpe:2.3:a:mongodb:libbson:1.3.5:::::::* cpe:2.3:a:mongodb:libbson:1.3.6:::::::* cpe:2.3:a:mongodb:libbson:1.4.0:-:::::: cpe:2.3:a:mongodb:libbson:1.4.0:beta0:::::: cpe:2.3:a:mongodb:libbson:1.4.0:beta1:::::: cpe:2.3:a:mongodb:libbson:1.4.1:::::::* cpe:2.3:a:mongodb:libbson:1.4.2:::::::* cpe:2.3:a:mongodb:libbson:1.4.3:::::::* cpe:2.3:a:mongodb:libbson:1.5.0:-:::::: cpe:2.3:a:mongodb:libbson:1.5.0:rc0:::::: cpe:2.3:a:mongodb:libbson:1.5.0:rc1:::::: cpe:2.3:a:mongodb:libbson:1.5.0:rc2:::::: cpe:2.3:a:mongodb:libbson:1.5.0:rc3:::::: cpe:2.3:a:mongodb:libbson:1.5.0:rc4:::::: cpe:2.3:a:mongodb:libbson:1.5.0:rc6:::::: cpe:2.3:a:mongodb:libbson:1.5.1:::::::* cpe:2.3:a:mongodb:libbson:1.5.2:::::::* cpe:2.3:a:mongodb:libbson:1.5.3:::::::* cpe:2.3:a:mongodb:libbson:1.5.4:::::::* cpe:2.3:a:mongodb:libbson:1.5.5:::::::* cpe:2.3:a:mongodb:libbson:1.6.0:-:::::: cpe:2.3:a:mongodb:libbson:1.6.0:rc0:::::: cpe:2.3:a:mongodb:libbson:1.6.1:::::::* cpe:2.3:a:mongodb:libbson:1.6.2:::::::* cpe:2.3:a:mongodb:libbson:1.6.3:::::::* cpe:2.3:a:mongodb:libbson:1.7.0:-:::::: cpe:2.3:a:mongodb:libbson:1.7.0:rc0:::::: cpe:2.3:a:mongodb:libbson:1.7.0:rc1:::::: cpe:2.3:a:mongodb:libbson:1.7.0:rc2:::::: cpe:2.3:a:mongodb:libbson:1.8.0:-:::::: cpe:2.3:a:mongodb:libbson:1.8.0:rc0:::::: cpe:2.3:a:mongodb:libbson:1.8.0:rc1:::::: cpe:2.3:a:mongodb:libbson:1.8.1:::::::* cpe:2.3:a:mongodb:libbson:1.8.2:::::::* cpe:2.3:a:mongodb:libbson:1.9.0:-:::::: cpe:2.3:a:mongodb:libbson:1.9.0:rc0:::::: cpe:2.3:a:mongodb:libbson:1.9.0:rc1:::::: cpe:2.3:a:mongodb:libbson:1.9.1:::::::* cpe:2.3:a:mongodb:libbson:1.9.2:::::::* cpe:2.3:a:mongodb:libbson:1.9.3:::::::* cpe:2.3:a:mongodb:libbson:1.9.4:::::::* cpe:2.3:a:mongodb:libbson:1.9.5:::::::* cpe:2.3:a:mongodb:libbson:1.10.0:::::::* cpe:2.3:a:mongodb:libbson:1.10.1:::::::* cpe:2.3:a:mongodb:libbson:1.10.2:::::::* cpe:2.3:a:mongodb:libbson:1.10.3:::::::* cpe:2.3:a:mongodb:libbson:1.11.0:::::::* cpe:2.3:a:mongodb:libbson:1.12.0:::::::* cpe:2.3:a:mongodb:libbson:1.13.0:::::::* cpe:2.3:a:mongodb:libbson:1.13.1:::::::* cpe:2.3:a:mongodb:libbson:1.14.0:::::::* cpe:2.3:a:mongodb:libbson:1.14.1:::::::* cpe:2.3:a:mongodb:libbson:1.15.0:::::::* cpe:2.3:a:mongodb:libbson:1.15.1:::::::* cpe:2.3:a:mongodb:libbson:1.15.2:::::::* cpe:2.3:a:mongodb:libbson:1.15.3:::::::* cpe:2.3:a:mongodb:libbson:1.16.0:::::::* cpe:2.3:a:mongodb:libbson:1.16.1:::::::* cpe:2.3:a:mongodb:libbson:1.16.2:::::::* cpe:2.3:a:mongodb:libbson:1.17.0:beta:::::: cpe:2.3:a:mongodb:libbson:1.17.0:beta2:::::: cpe:2.3:a:mongodb:libbson:1.17.0:rc0:::::: cpe:2.3:a:mongodb:libbson:1.17.0:::::::* cpe:2.3:a:mongodb:libbson:1.17.1:::::::* cpe:2.3:a:mongodb:libbson:1.17.2:::::::* cpe:2.3:a:mongodb:libbson:1.17.3:::::::* cpe:2.3:a:mongodb:libbson:1.17.4:::::::* cpe:2.3:a:mongodb:libbson:1.17.5:::::::* cpe:2.3:a:mongodb:libbson:1.17.6:::::::* cpe:2.3:a:mongodb:libbson:1.17.7:::::::* cpe:2.3:a:mongodb:libbson:1.18.0:alpha:::::: cpe:2.3:a:mongodb:libbson:1.18.0:alpha2:::::: cpe:2.3:a:mongodb:libbson:1.18.0:::::::* cpe:2.3:a:mongodb:libbson:1.19.0:::::::* cpe:2.3:a:mongodb:libbson:1.19.1:::::::* cpe:2.3:a:mongodb:libbson:1.19.2:::::::* cpe:2.3:a:mongodb:libbson:1.20.0:::::::* cpe:2.3:a:mongodb:libbson:1.20.1:::::::* cpe:2.3:a:mongodb:libbson:1.21.0:::::::* cpe:2.3:a:mongodb:libbson:1.21.1:::::::* cpe:2.3:a:mongodb:libbson:1.21.2:::::::* cpe:2.3:a:mongodb:libbson:1.22.0:beta0:::::: cpe:2.3:a:mongodb:libbson:1.22.0:::::::* cpe:2.3:a:mongodb:libbson:1.22.1:::::::* cpe:2.3:a:mongodb:libbson:1.22.2:::::::* cpe:2.3:a:mongodb:libbson:1.23.0:::::::* cpe:2.3:a:mongodb:libbson:1.23.1:::::::* cpe:2.3:a:mongodb:libbson:1.23.2:::::::* cpe:2.3:a:mongodb:libbson:1.23.3:::::::* cpe:2.3:a:mongodb:libbson:1.23.4:::::::* cpe:2.3:a:mongodb:libbson:1.23.5:::::::* cpe:2.3:a:mongodb:libbson:1.24.0:::::::* cpe:2.3:a:mongodb:libbson:1.24.1:::::::* cpe:2.3:a:mongodb:libbson:1.24.2:::::::* cpe:2.3:a:mongodb:libbson:1.24.3:::::::* cpe:2.3:a:mongodb:libbson:1.24.4:::::::* cpe:2.3:a:mongodb:libbson:1.25.0:::::::* cpe:2.3:a:mongodb:libbson:1.25.1:::::::* cpe:2.3:a:mongodb:libbson:1.25.2:::::::* cpe:2.3:a:mongodb:libbson:1.25.3:::::::* cpe:2.3:a:mongodb:libbson:1.25.4:::::::* cpe:2.3:a:mongodb:libbson:1.26.0:::::::* cpe:2.3:a:mongodb:libbson:1.26.1:::::::* cpe:2.3:a:mongodb:libbson:1.26.2:::::::* cpe:2.3:a:mongodb:libbson:1.27.0:::::::* cpe:2.3:a:mongodb:libbson:1.27.1:::::::* cpe:2.3:a:mongodb:libbson:1.27.2:::::::* cpe:2.3:a:mongodb:libbson:1.27.3:::::::* cpe:2.3:a:mongodb:libbson:1.27.4:::::::* cpe:2.3:a:mongodb:libbson:1.27.5:::::::* cpe:2.3:a:mongodb:mongodb:7.0.0:::::::* cpe:2.3:a:mongodb:mongodb:7.0.1:::::::* cpe:2.3:a:mongodb:mongodb:7.0.2:::::::* cpe:2.3:a:mongodb:mongodb:7.0.3:::::::* cpe:2.3:a:mongodb:mongodb:7.0.4:::::::* cpe:2.3:a:mongodb:mongodb:7.0.5:::::::* cpe:2.3:a:mongodb:mongodb:7.0.6:::::::* cpe:2.3:a:mongodb:mongodb:7.0.7:::::::* cpe:2.3:a:mongodb:mongodb:7.0.8:::::::* cpe:2.3:a:mongodb:mongodb:7.0.9:::::::* cpe:2.3:a:mongodb:mongodb:7.0.10:::::::* cpe:2.3:a:mongodb:mongodb:7.0.11:::::::* cpe:2.3:a:mongodb:mongodb:7.0.12:::::::* cpe:2.3:a:mongodb:mongodb:7.0.13:::::::* cpe:2.3:a:mongodb:mongodb:7.0.14:::::::* cpe:2.3:a:mongodb:mongodb:7.0.15:::::::* cpe:2.3:a:mongodb:mongodb:8.0.0:::::::*
MongoDB Inc	MongoDB Server	Affected: 8.0 , < 8.0.1 (custom) Affected: 7.0 , < 7.0.16 (custom)

Date Public

2025-03-18 09:00

Credits

selmelc

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0755",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-18T13:20:06.283556Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-18T13:20:24.560Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:35:09.738Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:mongodb:libbson:0.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.6.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.6.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.6.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.8.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.8.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.8.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.98.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.1.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.1.0:rc0:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.1.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.1.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.1.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.1.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.1.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.1.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.2.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.2.0:beta1:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.2.0:rc0:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.3.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.3.0:beta0:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.3.0:rc0:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.3.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.3.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.3.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.4.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.4.0:beta0:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.4.0:beta1:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.5.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.5.0:rc0:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.5.0:rc1:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.5.0:rc2:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.5.0:rc3:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.5.0:rc4:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.5.0:rc6:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.5.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.5.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.5.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.5.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.6.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.6.0:rc0:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.7.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.7.0:rc0:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.7.0:rc1:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.7.0:rc2:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.8.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.8.0:rc0:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.8.0:rc1:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.8.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.8.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.9.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.9.0:rc0:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.9.0:rc1:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.9.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.9.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.9.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.9.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.9.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.10.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.10.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.10.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.10.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.11.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.12.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.13.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.13.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.14.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.14.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.15.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.15.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.15.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.15.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.16.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.16.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.16.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.17.0:beta:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.17.0:beta2:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.17.0:rc0:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.17.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.17.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.17.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.17.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.17.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.17.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.17.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.17.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.18.0:alpha:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.18.0:alpha2:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.18.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.19.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.19.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.19.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.20.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.20.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.21.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.21.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.21.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.22.0:beta0:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.22.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.22.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.22.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.23.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.23.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.23.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.23.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.23.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.23.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.24.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.24.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.24.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.24.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.24.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.25.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.25.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.25.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.25.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.25.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.26.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.26.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.26.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.27.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.27.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.27.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.27.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.27.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.27.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:8.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "libbson",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "lessThan": "1.27.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MongoDB Server",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "lessThan": "8.0.1",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.0.16",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "selmelc"
        }
      ],
      "datePublic": "2025-03-18T09:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe various \u003ctt\u003ebson_append\u003c/tt\u003e\u0026nbsp;functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16\u003c/p\u003e"
            }
          ],
          "value": "The various bson_append\u00a0functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-24T08:42:52.079Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "url": "https://jira.mongodb.org/browse/SERVER-94461"
        },
        {
          "url": "https://jira.mongodb.org/browse/CDRIVER-5601"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "MongoDB C Driver bson library may be susceptible to buffer overflow",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2025-0755",
    "datePublished": "2025-03-18T09:01:04.793Z",
    "dateReserved": "2025-01-27T16:13:12.042Z",
    "dateUpdated": "2025-11-03T19:35:09.738Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-0755",
      "date": "2026-06-05",
      "epss": "0.00148",
      "percentile": "0.35023"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-0755\",\"sourceIdentifier\":\"cna@mongodb.com\",\"published\":\"2025-03-18T09:15:11.487\",\"lastModified\":\"2025-11-03T20:17:05.980\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The various bson_append\u00a0functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16\"},{\"lang\":\"es\",\"value\":\"Las diversas funciones bson_append de la librer\u00eda del controlador C de MongoDB pueden ser susceptibles a desbordamientos de b\u00fafer al realizar operaciones que podr\u00edan generar un documento BSON final que supere el tama\u00f1o m\u00e1ximo permitido (INT32_MAX), lo que provocar\u00eda un fallo de segmentaci\u00f3n y un posible bloqueo de la aplicaci\u00f3n. Este problema afectaba a las versiones de libbson anteriores a la 1.27.5, a las versiones de MongoDB Server v8.0 anteriores a la 8.0.1 y a las versiones de MongoDB Server v7.0 anteriores a la 7.0.16.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@mongodb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cna@mongodb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mongodb:libbson:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.27.5\",\"matchCriteriaId\":\"B29F6AA9-E9B0-458B-BDE0-EDC087DFED0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.16\",\"matchCriteriaId\":\"24E2033E-F87C-421E-BFAB-BA205A9FA92B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mongodb:mongodb:8.0.0:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"2D7955C2-4E80-4534-97B0-9E1FBAC606C5\"}]}]}],\"references\":[{\"url\":\"https://jira.mongodb.org/browse/CDRIVER-5601\",\"source\":\"cna@mongodb.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://jira.mongodb.org/browse/SERVER-94461\",\"source\":\"cna@mongodb.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T19:35:09.738Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-0755\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-18T13:20:06.283556Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-18T13:20:16.529Z\"}}], \"cna\": {\"title\": \"MongoDB C Driver bson library may be susceptible to buffer overflow\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"selmelc\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:mongodb:libbson:0.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.5.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.6.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.6.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.6.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.6.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.6.8:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.8.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.8.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.8.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.98.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.1.0:-:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.1.0:rc0:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.1.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.1.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.1.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.1.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.1.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.1.8:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.1.9:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.1.10:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.1.11:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.2.0:-:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.2.0:beta1:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.2.0:rc0:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.3.0:-:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.3.0:beta0:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.3.0:rc0:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.3.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.3.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.3.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.3.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.3.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.3.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.4.0:-:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.4.0:beta0:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.4.0:beta1:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.4.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.5.0:-:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.5.0:rc0:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.5.0:rc1:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.5.0:rc2:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.5.0:rc3:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.5.0:rc4:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.5.0:rc6:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.5.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.5.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.5.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.5.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.5.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.6.0:-:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.6.0:rc0:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.6.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.6.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.6.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.7.0:-:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.7.0:rc0:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.7.0:rc1:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.7.0:rc2:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.8.0:-:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.8.0:rc0:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.8.0:rc1:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.8.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.8.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.9.0:-:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.9.0:rc0:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.9.0:rc1:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.9.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.9.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.9.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.9.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.9.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.10.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.10.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.10.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.10.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.11.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.12.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.13.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.13.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.14.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.14.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.15.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.15.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.15.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.15.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.16.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.16.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.16.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.17.0:beta:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.17.0:beta2:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.17.0:rc0:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.17.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.17.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.17.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.17.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.17.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.17.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.17.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.17.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.18.0:alpha:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.18.0:alpha2:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.18.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.19.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.19.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.19.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.20.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.20.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.21.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.21.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.21.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.22.0:beta0:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.22.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.22.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.22.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.23.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.23.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.23.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.23.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.23.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.23.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.24.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.24.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.24.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.24.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.24.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.25.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.25.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.25.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.25.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.25.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.26.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.26.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.26.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.27.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.27.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.27.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.27.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.27.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.27.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.10:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.11:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.12:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.13:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.14:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.15:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:8.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"MongoDB Inc\", \"product\": \"libbson\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.27.5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"MongoDB Inc\", \"product\": \"MongoDB Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0\", \"lessThan\": \"8.0.1\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.0\", \"lessThan\": \"7.0.16\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-03-18T09:00:00.000Z\", \"references\": [{\"url\": \"https://jira.mongodb.org/browse/SERVER-94461\"}, {\"url\": \"https://jira.mongodb.org/browse/CDRIVER-5601\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The various bson_append\\u00a0functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe various \u003ctt\u003ebson_append\u003c/tt\u003e\u0026nbsp;functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122: Heap-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"a39b4221-9bd0-4244-95fc-f3e2e07f1deb\", \"shortName\": \"mongodb\", \"dateUpdated\": \"2025-04-24T08:42:52.079Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-0755\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T19:35:09.738Z\", \"dateReserved\": \"2025-01-27T16:13:12.042Z\", \"assignerOrgId\": \"a39b4221-9bd0-4244-95fc-f3e2e07f1deb\", \"datePublished\": \"2025-03-18T09:01:04.793Z\", \"assignerShortName\": \"mongodb\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2025-0755

Vulnerability from fkie_nvd - Published: 2025-03-18 09:15 - Updated: 2025-11-03 20:17

Severity

8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cna@mongodb.com	https://jira.mongodb.org/browse/CDRIVER-5601	Issue Tracking, Vendor Advisory
cna@mongodb.com	https://jira.mongodb.org/browse/SERVER-94461	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html

Impacted products

Vendor	Product	Version
mongodb	libbson	*
mongodb	mongodb	*
mongodb	mongodb	8.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mongodb:libbson:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B29F6AA9-E9B0-458B-BDE0-EDC087DFED0A",
              "versionEndExcluding": "1.27.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "24E2033E-F87C-421E-BFAB-BA205A9FA92B",
              "versionEndExcluding": "7.0.16",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mongodb:mongodb:8.0.0:*:*:*:-:*:*:*",
              "matchCriteriaId": "2D7955C2-4E80-4534-97B0-9E1FBAC606C5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The various bson_append\u00a0functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16"
    },
    {
      "lang": "es",
      "value": "Las diversas funciones bson_append de la librer\u00eda del controlador C de MongoDB pueden ser susceptibles a desbordamientos de b\u00fafer al realizar operaciones que podr\u00edan generar un documento BSON final que supere el tama\u00f1o m\u00e1ximo permitido (INT32_MAX), lo que provocar\u00eda un fallo de segmentaci\u00f3n y un posible bloqueo de la aplicaci\u00f3n. Este problema afectaba a las versiones de libbson anteriores a la 1.27.5, a las versiones de MongoDB Server v8.0 anteriores a la 8.0.1 y a las versiones de MongoDB Server v7.0 anteriores a la 7.0.16."
    }
  ],
  "id": "CVE-2025-0755",
  "lastModified": "2025-11-03T20:17:05.980",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 5.9,
        "source": "cna@mongodb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-03-18T09:15:11.487",
  "references": [
    {
      "source": "cna@mongodb.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.mongodb.org/browse/CDRIVER-5601"
    },
    {
      "source": "cna@mongodb.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.mongodb.org/browse/SERVER-94461"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html"
    }
  ],
  "sourceIdentifier": "cna@mongodb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "cna@mongodb.com",
      "type": "Secondary"
    }
  ]
}

GHSA-X43H-8PFV-XX24

Vulnerability from github – Published: 2025-03-18 09:31 – Updated: 2025-11-03 21:33

Details

Severity

8.4 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-0755"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-18T09:15:11Z",
    "severity": "HIGH"
  },
  "details": "The various bson_append\u00a0functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16",
  "id": "GHSA-x43h-8pfv-xx24",
  "modified": "2025-11-03T21:33:11Z",
  "published": "2025-03-18T09:31:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0755"
    },
    {
      "type": "WEB",
      "url": "https://jira.mongodb.org/browse/CDRIVER-5601"
    },
    {
      "type": "WEB",
      "url": "https://jira.mongodb.org/browse/SERVER-94461"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

WID-SEC-W-2025-0587

Vulnerability from csaf_certbund - Published: 2025-03-18 23:00 - Updated: 2025-05-20 22:00

Summary

MongoDB: Schwachstelle ermöglicht Codeausführung und DoS

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: MongoDB ist ein Open-Source-Dokumentendatenbank.

Angriff: Ein lokaler Angreifer kann eine Schwachstelle in MongoDB ausnutzen, um einen Denial of Service zu verursachen und potentiell beliebigen Code auszuführen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2025-0755

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Open Source MongoDB Server <8.0.1 Open Source / MongoDB		Server <8.0.1
Open Source MongoDB Server <7.0.16 Open Source / MongoDB		Server <7.0.16
Open Source MongoDB libbson <1.27.5 Open Source / MongoDB		libbson <1.27.5

References

5 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://jira.mongodb.org/browse/SERVER-94461	external
https://lists.debian.org/debian-lts-announce/2025…	external
https://lists.debian.org/debian-lts-announce/2025…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "MongoDB ist ein Open-Source-Dokumentendatenbank.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in MongoDB ausnutzen, um einen Denial of Service zu verursachen und potentiell beliebigen Code auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0587 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0587.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0587 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0587"
      },
      {
        "category": "external",
        "summary": "MongoDB Advisory vom 2025-03-18",
        "url": "https://jira.mongodb.org/browse/SERVER-94461"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4160 vom 2025-05-09",
        "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4175 vom 2025-05-20",
        "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html"
      }
    ],
    "source_lang": "en-US",
    "title": "MongoDB: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung und DoS",
    "tracking": {
      "current_release_date": "2025-05-20T22:00:00.000+00:00",
      "generator": {
        "date": "2025-05-21T08:35:42.419+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0587",
      "initial_release_date": "2025-03-18T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-03-18T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-05-11T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-05-20T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Debian aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "libbson \u003c1.27.5",
                "product": {
                  "name": "Open Source MongoDB libbson \u003c1.27.5",
                  "product_id": "T041980"
                }
              },
              {
                "category": "product_version",
                "name": "libbson 1.27.5",
                "product": {
                  "name": "Open Source MongoDB libbson 1.27.5",
                  "product_id": "T041980-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mongodb:mongodb:libbson__1.27.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Server \u003c7.0.16",
                "product": {
                  "name": "Open Source MongoDB Server \u003c7.0.16",
                  "product_id": "T041997"
                }
              },
              {
                "category": "product_version",
                "name": "Server 7.0.16",
                "product": {
                  "name": "Open Source MongoDB Server 7.0.16",
                  "product_id": "T041997-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mongodb:mongodb:server__7.0.16"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Server \u003c8.0.1",
                "product": {
                  "name": "Open Source MongoDB Server \u003c8.0.1",
                  "product_id": "T041998"
                }
              },
              {
                "category": "product_version",
                "name": "Server 8.0.1",
                "product": {
                  "name": "Open Source MongoDB Server 8.0.1",
                  "product_id": "T041998-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mongodb:mongodb:server__8.0.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "MongoDB"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-0755",
      "product_status": {
        "known_affected": [
          "2951",
          "T041998",
          "T041997",
          "T041980"
        ]
      },
      "release_date": "2025-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-0755"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-0755 (GCVE-0-2025-0755)

FKIE_CVE-2025-0755

GHSA-X43H-8PFV-XX24

WID-SEC-W-2025-0587

Tags

Sightings

Nomenclature