CVE-2025-3082: User may override a view's collation and gain unauthorized access to underlying data

Description

A user authorized to access a view may be able to alter the intended collation, allowing them to access a different or unintended view of the underlying data. This issue affects MongoDB Server v5.0 versions prior to 5.0.31, MongoDB Server v6.0 versions prior to 6.0.20, MongoDB Server v7.0 versions prior to 7.0.14 and MongoDB Server v7.3 versions prior to 7.3.4.

Classification

CVE ID: CVE-2025-3082

CVSS Base Severity: LOW

CVSS Base Score: 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem Types

CWE-284: Improper Access Control

Affected Products

Vendor: MongoDB Inc

Product: MongoDB Server

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 6.19% (share of other vulnerabilities scored less than or equal to this one)

EPSS Date: 2025-04-30 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3082
https://jira.mongodb.org/browse/SERVER-103151

Timeline