CVE-2025-12657 MongoDB — Exploit & Vulnerability Details MEDIUM

CVE-2025-12657

MEDIUM CVSS 3.1: 5.0 EPSS 0.09%

Parameter	Value
CVSS	5.0 (MEDIUM)
Affected Versions	6.0.0 — 8.0.10
Fixed In	7.0.22
Type	CWE-754
Vendor	MongoDB
Public PoC	No

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

High

Difficult to exploit

Privileges Required

High

Admin privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

None

No data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-754

Vulnerable Products 2

Configuration	From (including)	Up to (excluding)
Mongodb Mongodb cpe:2.3:a:mongodb:mongodb:::::-:::*	`6.0.0`	`7.0.22`
Mongodb Mongodb cpe:2.3:a:mongodb:mongodb:::::-:::*	`8.0.0`	`8.0.10`

References 1

https://jira.mongodb.org/browse/SERVER-101230

cna@mongodb.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2025-14847

MongoDB

7.5

CVE-2025-1756

Red Hat

7.8

CVE-2025-1755

Red Hat

7.8

CVE-2025-1693

MongoDB

6.8

CVE-2025-1692

MongoDB

8.8

Menu

CVE-2025-12657

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 2

References 1

Related Vulnerabilities

CVE-2025-14847

CVE-2025-1756

CVE-2025-1755

CVE-2025-1693

CVE-2025-1692

CVE Details

Editor's Choice

Menu

CVE-2025-12657

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 2

References 1

Related Vulnerabilities

CVE-2025-14847

CVE-2025-1756

CVE-2025-1755

CVE-2025-1693

CVE-2025-1692

CVE Details

Editor's Choice

Stay informed on cybersecurity