CVE-2025-12119 MEDIUM

CVE-2025-12119: Bulk write with options may read invalid memory

Vendor MongoDB
Product C Driver
Weakness CWE-825
Published November 18, 2025
Last update January 14, 2026

CVSS base score

6.9/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

A mongoc_bulk_operation_t may read invalid memory if large options are passed.

Key dates

02 Disclosure timeline

November 18, 2025 CVE published
January 14, 2026 Record updated