CVE-2025-3082 LOW

CVE-2025-3082: User may override a view's collation and gain unauthorized access to underlying data

Vendor MongoDB Inc
Product MongoDB Server
Weakness CWE-284
Published April 1, 2025
Last update April 1, 2025

CVSS base score

3.1/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

A user authorized to access a view may be able to alter the intended collation, allowing them to access a different or unintended view of the underlying data. This issue affects MongoDB Server v5.0 versions prior to 5.0.31, MongoDB Server v6.0 versions prior to 6.0.20, MongoDB Server v7.0 versions prior to 7.0.14 and MongoDB Server v7.3 versions prior to 7.3.4.

Key dates

02 Disclosure timeline

April 1, 2025 CVE published
April 1, 2025 Record updated