CVE-2025-0755 HIGH

CVE-2025-0755: MongoDB C Driver bson library may be susceptible to buffer overflow

Vendor MongoDB Inc
Product libbson
Weakness CWE-122
Published March 18, 2025
Last update November 3, 2025

CVSS base score

8.4/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

The various bson_append functions in the MongoDB C driver library may be susceptible to a buffer overflow when performing operations that could result in a final BSON document that exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1, and MongoDB Server v7.0 versions prior to 7.0.16.

Key dates

02 Disclosure timeline

March 18, 2025 CVE published
November 3, 2025 Record updated