Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-0755

The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16

Published

2025-03-18T09:15:11.487

Last Modified

2025-09-22T18:32:49.997

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.4 (HIGH)

Weaknesses

Type: Secondary
CWE-122

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mongodb	libbson	< 1.27.5	Yes
Application	mongodb	mongodb	< 7.0.16	Yes
Application	mongodb	mongodb	8.0.0	Yes

References

https://jira.mongodb.org/browse/CDRIVER-5601 Issue Tracking, Vendor Advisory ([email protected])
https://jira.mongodb.org/browse/SERVER-94461 Issue Tracking, Vendor Advisory ([email protected])