{"id":"CVE-2025-7259","details":"An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version 8.1.0.","aliases":["BIT-mongodb-2025-7259"],"modified":"2026-04-10T05:35:47.705887Z","published":"2025-07-07T16:15:30.440Z","references":[{"type":"REPORT","url":"https://jira.mongodb.org/browse/SERVER-102693"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mongodb/mongo","events":[{"introduced":"0"},{"last_affected":"b6da7e2baf4c9d2732dca1f85e9204a9f5813922"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.1.0"}]}}],"versions":["0.9.1","1.7-cut","r0.0.3","r0.0.4_rc1","r0.0.6_rc1","r0.0.7_rc1","r0.0.7_rc2","r0.0.7_rc3","r0.0.7_rc4","r0.0.9_rc1","r0.1.0_rc1","r0.1.2_rc1","r0.1.3_rc1","r0.1.4_rc1","r0.1.5_rc1","r0.1.6_rc1","r0.2.1","r0.9.1","r0.9.10","r0.9.5","r0.9.6","r0.9.8","r0.9.9","r1.1.1","r1.1.3","r1.3.0","r1.3.4","r1.5.0","r1.5.1","r1.5.2","r1.5.5","r1.5.6","r1.7.5","r1.7.6","r1.8.0-rc0","r2.1.1","r2.1.2","r2.2.0-rc0","r2.3.1","r2.3.2","r2.4.0-rc0","r2.4.0-rc1","r2.4.0-rc2","r2.4.0.rc1","r2.5.1","r2.5.2","r2.5.3","r2.5.4","r2.5.5","r2.6.0-rc0","r2.6.0-rc1","r2.7.0","r2.7.1","r2.7.2","r2.7.3","r2.7.4","r2.7.5","r2.7.6","r2.7.7","r2.7.8","r2.8.0-rc0","r2.8.0-rc1","r2.8.0-rc2","r2.8.0-rc3","r2.8.0-rc4","r2.8.0-rc5","r3.1.0","r3.1.1","r3.1.2","r3.1.3","r3.1.4","r3.1.5","r3.1.6","r3.1.7","r3.1.8","r3.1.9","r3.2.0","r3.2.0-rc0","r3.2.0-rc1","r3.2.0-rc2","r3.2.0-rc3","r3.2.0-rc4","r3.2.0-rc5","r3.2.0-rc6","r3.3.0","r3.3.1","r3.3.10","r3.3.11","r3.3.12","r3.3.13","r3.3.14","r3.3.15","r3.3.2","r3.3.3","r3.3.4","r3.3.5","r3.3.6","r3.3.7","r3.3.8","r3.3.9","r3.4.0-rc0","r3.4.0-rc1","r3.4.0-rc2","r3.4.0-rc3","r3.5.0","r3.5.1","r3.5.10","r3.5.11","r3.5.12","r3.5.13","r3.5.2","r3.5.3","r3.5.4","r3.5.5","r3.5.6","r3.5.7","r3.5.8","r3.5.9","r3.6.0-rc0","r3.6.0-rc1","r3.6.0-rc2","r3.6.0-rc3","r3.6.0-rc4","r3.7.0","r3.7.1","r3.7.2","r3.7.3","r3.7.4","r3.7.5","r3.7.6","r3.7.7","r3.7.8","r3.7.9","r4.0.0-rc0","r4.1.0","r4.1.1","r4.1.10","r4.1.11","r4.1.12","r4.1.13","r4.1.2","r4.1.3","r4.1.4","r4.1.5","r4.1.6","r4.1.7","r4.1.8","r4.1.9","r4.3.0","r4.3.1","r4.3.2","r4.3.3","r4.3.4","r4.5.0","r4.8.0-alpha","r4.9.0-alpha","r4.9.0-alpha0","r4.9.0-alpha1","r4.9.0-alpha2","r4.9.0-alpha3","r4.9.0-alpha4","r4.9.0-alpha5","r4.9.0-alpha6","r4.9.0-alpha7","r5.0.0-alpha","r5.0.0-alpha0","r5.1.0-alpha","r5.2.0-alpha","r5.3.0-alpha","r5.3.0-alpha0","r5.3.0-alpha1","r5.3.0-alpha2","r5.3.0-alpha3","r5.3.0-alpha4","r6.0.0-alpha","r6.0.0-alpha0","r6.0.0-alpha1","r6.1.0-alpha","r6.2.0-alpha","r6.3.0-alpha","r6.3.0-alpha0","r6.3.0-rc0","r7.0.0-alpha","r7.0.0-alpha0","r7.1.0-alpha","r7.1.0-alpha0","r7.2.0-alpha","r7.2.0-alpha0","r7.3.0-alpha","r7.3.0-alpha0","r7.3.0-alpha1","r7.3.0-rc0","r8.0.0-alpha","r8.0.0-alpha0","r8.0.0-alpha1","r8.0.0-alpha2","r8.1.0","r8.1.0-alpha","r8.1.0-alpha0","r8.1.0-alpha1","r8.1.0-alpha2","r8.1.0-alpha3","r8.1.0-rc0","r8.1.0-rc1","r8.1.0-rc2","r8.1.0-rc3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7259.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}