Base Score

LOW3.3

CVE-2025-12119

A mongoc_bulk_operation_t may read invalid memory if large options are passed.

VectorLOCAL

Published Bycna@mongodb.com

Published DateNov 18, 2025, 22:15

Affected Versions(1)

mongodb/mongodb-extension(Packagist)

Introduced0

Fixed1.21.2

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
mongodb/mongodb-extension(Packagist)	0	1.21.2	N/A

Weakness Type (CWE):CWE-825

CVSS Metrics

Base Score

6.9

Vector String

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Base Severity

MEDIUM

Version

4.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

References

Base Score

LOW3.3

Weakness Type (CWE):CWE-825

CVSS Metrics

Base Score

6.9

Vector String

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Base Severity

MEDIUM

Version

4.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)