CVE-2025-0755
MongoDB C Driver bson library may be susceptible to buffer overflow
7.5
HIGH
CVSS 3.1
EPSS 0.15%
Description
The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16
How to fix CVE-2025-0755
To remediate CVE-2025-0755, upgrade the affected package to a fixed version below.
- —upgrade to 7.0.16 or later
- —upgrade to 0.8.4-1+deb11u1 or later
- —upgrade to 1.17.6-1+deb11u1 or later
Is CVE-2025-0755 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- >= 7.0.0, < 7.0.16, >= 8.0.0, < 8.0.1
- from 0, < 0.8.4-1+deb11u1
- from 0, < 1.17.6-1+deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |