CNNVD-202509-2039 Information

CNNVD ID

CNNVD-202509-2039

CVE-2025-10491

  • CNNVD Published: 2025-09-15

Description

MongoDB Server is an open-source NoSQL database from MongoDB, Inc. (USA). It provides collection-oriented storage, dynamic queries, data replication and automatic failover. MongoDB Server v6.0 versions before 6.0.25, v7.0 versions before 7.0.21 and v8.0 versions before 8.0.5 contain a security vulnerability. The vulnerability stems from the Windows installation MSI not setting ACLs on a custom installation directory, which may allow a local attacker to introduce executable code through DLL hijacking.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

MonoCMS

Published

2025-09-15

Last Modified

2026-02-24

References

https://jira.mongodb.org/browse/SERVER-51366

Patch

https://www.mongodb.com/try/download/community
