216.73.217.172

CVE-2025-12657

· Published 03/11/2025 21:18 · Modified 12/12/2025 17:22

Labels: CVE-2025-12657 2025-11-03CVE-2025-12657CWE-754[email protected]

Essential information

Published
03/11/2025 21:18
Modified
12/12/2025 17:22
Author
Creator
CVSS
5.9 MEDIUM (v3) 5.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
mongodb / mongodb cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*
mongodb / mongodb cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*

References