
A newly disclosed vulnerability in the MongoDB C driver library could allow for buffer overflow attacks, potentially leading to application crashes. The vulnerability, identified as CVE-2025-0755 and given a CVSS score of 8.4, affects the bson_append functions within the library.
According to the advisory, the bson_append functions “may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash.”
The vulnerability impacts the following products and versions:
- libbson versions prior to 1.27.5
- MongoDB Server v8.0 versions prior to 8.0.1
- MongoDB Server v7.0 versions prior to 7.0.16
Users of the affected products are strongly advised to update to the latest versions to mitigate the risk of exploitation. Upgrading to libbson version 1.27.5 or later, MongoDB Server v8.0.1 or later, or MongoDB Server v7.0.16 or later will address the vulnerability.
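As an added illustration (not code from libbson or from the advisory), the self-contained C model below shows the kind of bounds check an append routine needs for the failure mode described above: it computes the post-append document size in 64-bit arithmetic and refuses any element that would push the document past INT32_MAX, instead of letting the int32 length field wrap. The `doc_model_t` type and the function names are assumptions of this model, not libbson's API; the element size accounting follows the BSON layout of a UTF-8 string element.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hard ceiling on a BSON document: its length prefix is a signed int32. */
#define BSON_MAX_SIZE ((uint64_t) INT32_MAX)

/* Minimal stand-in for a document's bookkeeping (hypothetical, not libbson's bson_t).
 * len covers the 4-byte length header and the trailing 0x00 terminator. */
typedef struct {
    uint32_t len;
} doc_model_t;

/* Bytes a UTF-8 string element occupies once appended:
 * 1 type byte + key + NUL + 4-byte string length + value + NUL. */
uint64_t utf8_element_size(size_t key_len, size_t value_len)
{
    return 1u + (uint64_t) key_len + 1u + 4u + (uint64_t) value_len + 1u;
}

/* Returns true and updates the model if the element fits under INT32_MAX;
 * returns false and leaves the document untouched if it would exceed it.
 * The sum is computed in 64 bits so the comparison itself cannot wrap. */
bool model_append_utf8(doc_model_t *doc, size_t key_len, size_t value_len)
{
    uint64_t needed = (uint64_t) doc->len + utf8_element_size(key_len, value_len);
    if (needed > BSON_MAX_SIZE) {
        return false;
    }
    doc->len = (uint32_t) needed;
    return true;
}

/* Constructed scenario: a small append succeeds, then an append whose value
 * alone is INT32_MAX bytes is rejected and the document size is unchanged. */
bool demo_rejects_oversize(void)
{
    doc_model_t doc = { 5 };                       /* empty document: header + terminator */
    if (!model_append_utf8(&doc, 1, 3) || doc.len != 16) {
        return false;
    }
    if (model_append_utf8(&doc, 1, (size_t) INT32_MAX)) {
        return false;                              /* must not be accepted */
    }
    return doc.len == 16;
}

int main(void)
{
    printf("oversize append rejected: %s\n", demo_rejects_oversize() ? "yes" : "no");
    return 0;
}
```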