FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mongodb -- Malformed $group Query May Cause MongoDB Server to Crash

Affected packages
mongodb60 < 6.0.25
mongodb70 < 7.0.22

Details

VuXML ID a5395e02-a2ca-11f0-8402-b42e991fc52e
Discovery 2025-09-05
Entry 2025-10-06
Modified 2025-10-07

cna@mongodb.com reports:

An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This vulnerability could lead to denial of service if triggered repeatedly.

[source]

References

CVE Name CVE-2025-10061
URL https://nvd.nist.gov/vuln/detail/CVE-2025-10061

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.