{"id":"CVE-2025-13643","details":"A user with access to the cluster with a limited set of privilege actions may be able to terminate queries that are being executed by other users. This may cause a denial of service by preventing a fraction of queries from successfully completing. This issue affects MongoDB Server v7.0 versions prior to 7.0.26 and MongoDB Server v8.0 versions prior to 8.0.14","aliases":["BIT-mongodb-2025-13643"],"modified":"2026-03-12T17:38:19.829440Z","published":"2025-11-25T06:15:45.580Z","references":[{"type":"ADVISORY","url":"https://jira.mongodb.org/browse/SERVER-103582"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mongodb/mongo","events":[{"introduced":"37d84072b5c5b9fd723db5fa133fb202ad2317f1"},{"fixed":"cfe96f2560c2000d837880f3e49086bed560abec"},{"introduced":"b41cda4fe697dce6fd9b83b3805362ccc02fbeb3"},{"fixed":"667c242e00609bae2ddb7fe30c0ed9cca3320bdb"},{"introduced":"0"},{"last_affected":"246b4fceaab08de8de2aa07c28ab06a06a8a2c61"},{"introduced":"0"},{"last_affected":"d87917ee6a5dc2cb35086c423a88034571f4639b"},{"introduced":"0"},{"last_affected":"531be2b0654fcaa836980dfb2a6b0c9d47721fab"},{"introduced":"0"},{"last_affected":"e1a5281f585ce2cf7f3d241835002c82d77ead48"}],"database_specific":{"versions":[{"introduced":"7.0.0"},{"fixed":"7.0.26"},{"introduced":"8.0.0"},{"fixed":"8.0.14"},{"introduced":"0"},{"last_affected":"8.2.0-alpha"},{"introduced":"0"},{"last_affected":"8.2.0-alpha0"},{"introduced":"0"},{"last_affected":"8.2.0-alpha1"},{"introduced":"0"},{"last_affected":"8.2.0-alpha2"}]}}],"database_specific":{"vanir_signatures":[{"target":{"file":"src/mongo/util/net/ssl_manager_windows.cpp","function":"validatePeerCertificate"},"digest":{"function_hash":"169396510644917166107972285471505278925","length":5523},"id":"CVE-2025-13643-0d7700d5","signature_type":"Function","deprecated":false,"signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/cfe96f2560c2000d837880f3e49086bed560abec"},{"target":{"file":"src/mongo/util/net/ssl_manager_windows.cpp"},"digest":{"threshold":0.9,"line_hashes":["255094620203238166973302767875286180987","311318788437859314187108745684874069447","13195629967762718487111799273423913192","145659902616350294817239749199959363992","221972074441494021565962355714822796262","48835208987546656192845547932509644477","87708939807646049295739831013123777386","10193593850898967193818537886210518552","331231889353555350497810337678926637920","152234860073312542299676805758359870241"]},"id":"CVE-2025-13643-1ac5af1d","signature_type":"Line","deprecated":false,"signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/cfe96f2560c2000d837880f3e49086bed560abec"},{"target":{"file":"src/mongo/util/net/ssl_manager_apple.cpp"},"digest":{"threshold":0.9,"line_hashes":["52207717764756858887103230689427858974","241284099896496899084843301553798842386","81015194422365157642401834775353309989","306832239360780013917147226125039650941"]},"id":"CVE-2025-13643-5d8a373e","signature_type":"Line","deprecated":false,"signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/cfe96f2560c2000d837880f3e49086bed560abec"},{"target":{"file":"src/mongo/util/net/ssl_manager_apple.cpp","function":"CreateSecTrustPolicies"},"digest":{"function_hash":"60854262378866240810463600752329606435","length":715},"id":"CVE-2025-13643-a2bd2a3d","signature_type":"Function","deprecated":false,"signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/cfe96f2560c2000d837880f3e49086bed560abec"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13643.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}