VULNERABILITY

FreeBSD: VID-350B3389-107F-11F0-8195-B42E991FC52E (CVE-2025-3084): MongoDB -- crash due to improper validation of explain command


Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Published: 04/01/2025
Created: 04/08/2025
Added: 04/05/2025
Modified: 04/11/2025

Description

When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to 7.0.16, and MongoDB Server v8.0 prior to 8.0.4.

Solution(s)

  • freebsd-upgrade-package-mongodb50
  • freebsd-upgrade-package-mongodb60
  • freebsd-upgrade-package-mongodb70
  • freebsd-upgrade-package-mongodb80
