
We found results for “”
CVE-2025-10059
Good to know:

Date: September 5, 2025
An improper setting of the lsid field on any sharded query can cause a crash in MongoDB routers. This issue occurs when a generic argument (lsid) is provided in a case when it is not applicable. This affects MongoDB Server v6.0 versions prior to 6.0.x, MongoDB Server v7.0 versions prior to 7.0.18 and MongoDB Server v8.0 versions prior to 8.0.6.
Severity Score
Severity Score
Weakness Type (CWE)
Incorrect Permission Assignment for Critical Resource
CWE-732Top Fix

Upgrade Version
Upgrade to version https://github.com/mongodb/mongo.git - r6.0.24;https://github.com/mongodb/mongo.git - r7.0.18;https://github.com/mongodb/mongo.git - r8.0.6
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |