CVE-2025-3083
Malformed MongoDB wire protocol messages may cause mongos to crash
7.5
HIGH
CVSS 3.1
EPSS 0.21%
Description
Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16
How to fix CVE-2025-3083
To remediate CVE-2025-3083, upgrade the affected package to a fixed version below.
- —upgrade to 5.0.31 or later
Is CVE-2025-3083 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 5.0.0, < 5.0.31, >= 6.0.0, < 6.0.20, >= 7.0.0, < 7.0.16
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |