CVE-2025-12657
Malformed KMIP response may result in access violation
EPSS 0.07%
Description
The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations.
How to fix CVE-2025-12657
To remediate CVE-2025-12657, upgrade the affected package to a fixed version below.
- Bitnami/mongodb—upgrade to 7.0.22 or later
Is CVE-2025-12657 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 6.0.0, < 7.0.22, >= 8.0.0, < 8.0.10
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |