What is the severity of CVE-2025-3082?

CVE-2025-3082 has a critical severity rating due to its potential to allow unauthorized data access.

How do I fix CVE-2025-3082?

To mitigate CVE-2025-3082, upgrade MongoDB Server to version 5.0.31 or later, 6.0.20 or later, or 7.0.14 or later.

What versions of MongoDB Server are affected by CVE-2025-3082?

CVE-2025-3082 affects MongoDB Server versions prior to 5.0.31, 6.0.20, and 7.0.14.

What type of vulnerability is CVE-2025-3082?

CVE-2025-3082 is a privilege escalation vulnerability that allows users to alter data visibility.

Can this vulnerability lead to data breaches in MongoDB Server?

Yes, CVE-2025-3082 can lead to data breaches by enabling unauthorized access to sensitive data.

Vulnerability/
CVE-2025-3082

low

3.1

CWE

284

EPSS

0.028%

1/4/2025

CVE-2025-3082: User may override a view's collation and gain unauthorized access to underlying data

First published: Tue Apr 01 2025(Updated: )

A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB Server v7.0 version prior to 7.0.14 and MongoDB Server v7.3 versions prior to 7.3.4.

Credit: cna@mongodb.com

Affected Software	Affected Version	How to fix
MongoDB	<5.0.31
MongoDB	<6.0.20
MongoDB	<7.0.14
MongoDB	<7.3.4

Never miss a vulnerability like this again

Reference Links

https://jira.mongodb.org/browse/SERVER-103151

Frequently Asked Questions

What is the severity of CVE-2025-3082?
CVE-2025-3082 has a critical severity rating due to its potential to allow unauthorized data access.
How do I fix CVE-2025-3082?
To mitigate CVE-2025-3082, upgrade MongoDB Server to version 5.0.31 or later, 6.0.20 or later, or 7.0.14 or later.
What versions of MongoDB Server are affected by CVE-2025-3082?
CVE-2025-3082 affects MongoDB Server versions prior to 5.0.31, 6.0.20, and 7.0.14.
What type of vulnerability is CVE-2025-3082?
CVE-2025-3082 is a privilege escalation vulnerability that allows users to alter data visibility.
Can this vulnerability lead to data breaches in MongoDB Server?
Yes, CVE-2025-3082 can lead to data breaches by enabling unauthorized access to sensitive data.

collector/mitre-cve
source/MITRE
agent/title
agent/weakness
agent/references
agent/type
agent/first-publish-date
agent/description
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-api
source/NVD
agent/last-modified-date
agent/severity
agent/author
agent/event
collector/epss-latest
source/FIRST
agent/source
agent/tags
agent/epss
vendor/mongodb
canonical/mongodb

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.