CVE-2025-7259
Certain Queries with Duplicate _id Fields May Cause MongoDB Server to Crash
6.5
MEDIUM
CVSS 3.1
EPSS 0.31%
Description
An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version 8.1.0.
How to fix CVE-2025-7259
To remediate CVE-2025-7259, upgrade the affected package to a fixed version below.
- —upgrade to 8.2.0 or later
Is CVE-2025-7259 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 8.1.0, < 8.2.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |