BIT-mongodb-2025-10060

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/mongodb/BIT-mongodb-2025-10060.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-mongodb-2025-10060

Aliases

CVE-2025-10060

Published

2025-09-19T09:58:16.816Z

Modified

2025-09-19T15:42:25.630087Z

Summary

MongoDB may be susceptible to Invariant Failure in Transactions due Upsert Operation

Details

MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints, potentially causing an invariant failure and server crash during commit. This issue may be triggered by improper WriteUnitOfWork state management. This issue affects MongoDB Server v6.0 versions prior to 6.0.25, MongoDB Server v7.0 versions prior to 7.0.22 and MongoDB Server v8.0 versions prior to 8.0.12

Database specific

{
    "cpes": [
        "cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*"
    ],
    "severity": "High"
}

References

Affected packages

Bitnami / mongodb

Package

Name: mongodb
Purl: pkg:bitnami/mongodb

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

6.0.0

Fixed

6.0.25

Introduced

7.0.0

Fixed

7.0.22

Introduced

8.0.0

Fixed

8.0.12

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/mongodb/BIT-mongodb-2025-10060.json"