Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-12119
CVE-2025-12119:
MongoDB vulnerability analysis and mitigation
Overview
A vulnerability was identified in MongoDB's C Driver (CVE-2025-12119) where a mongoc_bulk_operation_t may read invalid memory if large options are passed. The vulnerability was disclosed on November 18, 2025 (NVD).
Technical details
The vulnerability is classified as a CWE-825 (Expired Pointer Dereference) with a CVSS v4.0 base score of 6.9 (MEDIUM) and CVSS v3.1 base score of 6.8 (MEDIUM). The vulnerability requires local access (AV:L) with low attack complexity (AC:L) and low privileges (PR:L). The vulnerability primarily impacts confidentiality with high severity (VC:H) and has low impact on availability (VA:L) (NVD).
Impact
The vulnerability affects multiple versions of the MongoDB C Driver, including versions up to 1.30.6 and 2.1.2. The issue could lead to invalid memory reads when processing large options in bulk operations (MongoDB Release, MongoDB Release).
Mitigation and workarounds
The vulnerability has been fixed in MongoDB C Driver versions 1.30.6 and 2.1.2, and MongoDB PHP Driver version 1.21.2. Users are advised to upgrade to these patched versions (MongoDB Release, MongoDB Release, PHP Driver).
Additional resources
Source: This report was generated using AI
Related MongoDB vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management