CVE-2025-3084
MongoDB Server may crash due to improper validation of explain command
6.5
MEDIUM
CVSS 3.1
EPSS 0.29%
Description
When run on commands with certain arguments set, the explain command may fail to validate those arguments before using them. This can crash router servers (mongos) in a sharded cluster. The CVSS vector (PR:L, A:H) reflects that an authenticated, low-privileged user can trigger the crash and that the impact is limited to availability. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to 7.0.16 and MongoDB Server v8.0 prior to 8.0.4.
How to fix CVE-2025-3084
To remediate CVE-2025-3084, upgrade MongoDB Server to the fixed release for the branch you run. Because the crash occurs in router servers, make sure every mongos binary is upgraded, not only the mongod shard and config servers.
- 5.0.x: upgrade to 5.0.31 or later
- 6.0.x: upgrade to 6.0.20 or later
- 7.0.x: upgrade to 7.0.16 or later
- 8.0.x: upgrade to 8.0.4 or later
Is CVE-2025-3084 being exploited?
Low: EPSS is 0.29%, a low estimated probability of exploitation in the wild over the next 30 days. EPSS is a prediction, not a record of observed attacks, but this score indicates no exploitation activity at scale.
Affected packages (1)
- MongoDB Server: >= 5.0.0, < 5.0.31; >= 6.0.0, < 6.0.20; >= 7.0.0, < 7.0.16; >= 8.0.0, < 8.0.4
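The four ranges above are easy to misread when checking a fleet by hand, so the following is an added example (not from the advisory or from MongoDB) that encodes them as a version check. It takes the version string a server reports, for instance the `version` field of the `buildInfo` command output, and says whether that build falls in an affected range. The fixed versions are taken from the description above; the `SAMPLE_BUILD_INFO` document is constructed for the example, and the pre-release handling (treating `7.0.16-rc0` as still affected) is a conservative assumption of this script, not a statement from the advisory.

```python
"""Check MongoDB Server version strings against the CVE-2025-3084 affected ranges."""
import re
from typing import Optional, Tuple

# First fixed release per branch, taken from the advisory description.
# Any release in one of these branches older than the fix is affected.
FIXED_VERSIONS = {
    (5, 0): (5, 0, 31),
    (6, 0): (6, 0, 20),
    (7, 0): (7, 0, 16),
    (8, 0): (8, 0, 4),
}

# Accepts "7.0.15", "v8.0.3" and pre-release forms such as "6.0.20-rc0".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?$")

# Constructed sample of a buildInfo response; only "version" is used here.
SAMPLE_BUILD_INFO = {"version": "7.0.15", "gitVersion": "constructed", "ok": 1.0}


def parse_version(text: str) -> Tuple[int, int, int, bool]:
    """Parse a MongoDB version string into (major, minor, patch, is_prerelease).

    Raises ValueError for anything that is not a dotted numeric version.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised MongoDB version string: {text!r}")
    major, minor, patch, pre = m.groups()
    return int(major), int(minor), int(patch), pre is not None


def is_affected(version: str) -> Optional[bool]:
    """True if affected, False if at or past the fix, None if the branch is
    not one the advisory names (e.g. 4.4 or a rapid release such as 7.3)."""
    major, minor, patch, prerelease = parse_version(version)
    fix = FIXED_VERSIONS.get((major, minor))
    if fix is None:
        return None
    if (major, minor, patch) < fix:
        return True
    # Assumption of this script: a pre-release build of the fixed version
    # (e.g. 7.0.16-rc0) may predate the fix, so treat it as affected.
    if (major, minor, patch) == fix and prerelease:
        return True
    return False


def assess(build_info: dict) -> str:
    """Turn a buildInfo document (db.runCommand({buildInfo: 1})) into a verdict."""
    version = build_info.get("version")
    if not isinstance(version, str):
        return "unknown: buildInfo has no version string"
    verdict = is_affected(version)
    if verdict is None:
        return f"not listed: {version} is not in a branch named by the advisory"
    if verdict:
        fix = FIXED_VERSIONS[parse_version(version)[:2]]
        return f"AFFECTED: {version}, upgrade to {'.'.join(map(str, fix))} or later"
    return f"fixed: {version}"


if __name__ == "__main__":
    # Constructed inputs; run this against each mongos (the router process the
    # description names) as well as each mongod in a real deployment.
    for v in ("5.0.30", "6.0.20", "7.0.16-rc0", "8.0.3", "4.4.29"):
        print(v, is_affected(v))
    print(assess(SAMPLE_BUILD_INFO))
```

Feed it the `version` value from `buildInfo` on every mongos and mongod; routers are the processes the description says crash, so a cluster with upgraded shards but stale mongos binaries still reports as affected.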
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (6.5) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |