CVE-2025-0755

8.4 HIGH

📋 TL;DR

A buffer overflow in libbson, the BSON library of MongoDB's C driver, lets an attacker trigger a segmentation fault and crash the application by building a BSON document that exceeds the maximum allowed document size. It affects MongoDB Server builds that use a vulnerable libbson and any application that uses the C driver directly. The result is denial of service, and in the worst case potentially remote code execution.

💻 Affected Systems

Products:
  • MongoDB Server
  • libbson (MongoDB C Driver)
Versions: libbson versions prior to 1.27.5, MongoDB Server v8.0 prior to 8.0.1, MongoDB Server v7.0 prior to 7.0.16
Operating Systems: All operating systems running affected MongoDB/libbson versions
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using the vulnerable libbson functions (bson_append*) is affected, not just MongoDB servers

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data exfiltration, or ransomware deployment

🟠 Likely Case: Denial of service through application crashes, disrupting database operations and dependent services

🟢 If Mitigated: Limited impact with proper input validation and size checking in application code

🌐 Internet-Facing: HIGH - MongoDB instances exposed to the internet are directly vulnerable to crafted BSON document attacks
🏢 Internal Only: MEDIUM - Internal applications using the vulnerable C driver could be exploited by authenticated users or through other attack vectors

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting specific BSON documents that trigger the buffer overflow. The vulnerability is in the C driver library, making exploitation more complex than typical web vulnerabilities.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: libbson 1.27.5, MongoDB Server 8.0.1, MongoDB Server 7.0.16

Vendor Advisory: https://jira.mongodb.org/browse/CDRIVER-5601

Restart Required: No

Instructions:

1. Update libbson to version 1.27.5 or later using your package manager (apt-get upgrade libbson, yum update libbson, etc.).
2. Update MongoDB Server to version 8.0.1 or 7.0.16 depending on your major version.
3. Recompile and redeploy any applications using the C driver with the updated library.

🔧 Temporary Workarounds

Input validation and size checking (applies to: all)

Implement application-level validation to ensure BSON documents do not exceed maximum size limits before passing to bson_append functions

Network filtering and rate limiting (applies to: all)

Implement network controls to limit large BSON document submissions and filter suspicious database operations

🧯 If You Can't Patch

  • Implement strict input validation in application code to reject BSON documents approaching INT32_MAX size
  • Deploy MongoDB behind application firewalls with BSON document size inspection capabilities
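The workaround above and the "If You Can't Patch" list both come down to one check: before handing data to a bson_append function, confirm that the resulting document would still fit under INT32_MAX. The example below is added here and is not code from libbson or from MongoDB; it needs no libbson headers, so it can be compiled on its own. It shows the pattern the advisory is about: a length check whose arithmetic is done in 32 bits can wrap and accept an oversized value, while the same check done in 64 bits rejects it. The constant and the element-overhead helper are defined locally for the example; they follow the BSON wire format (4-byte length prefix, 1 type byte, NUL-terminated key, and for strings a 4-byte length plus NUL) but are assumptions of this example, not libbson's API.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <limits.h>

/* BSON documents carry a signed 32-bit length prefix, so INT32_MAX is the
 * hard ceiling on document size. Defined locally for this example. */
#define BSON_DOC_MAX_SIZE ((uint64_t) INT32_MAX)

/* Bytes an appended element adds on top of its raw value:
 * 1 type byte + key bytes + key NUL, and for string values
 * a 4-byte length prefix plus the value's NUL terminator. */
static uint64_t element_overhead(size_t key_len, bool is_string)
{
    return 1u + (uint64_t) key_len + 1u + (is_string ? 5u : 0u);
}

/* Unsafe pattern: the sum is computed in 32 bits. Unsigned wrap-around is
 * well defined in C, so a huge value_len can wrap the total back to a small
 * number and the check passes when it should fail. */
bool unsafe_would_fit(uint32_t doc_len, uint32_t value_len, size_t key_len)
{
    uint32_t total = doc_len + value_len + (uint32_t) element_overhead(key_len, true);
    return total <= BSON_DOC_MAX_SIZE;
}

/* Hardened pattern: widen every operand to 64 bits before adding, so the
 * total cannot wrap, then compare against the BSON ceiling. Callers should
 * run this before calling any bson_append* function. */
bool safe_would_fit(uint32_t doc_len, size_t value_len, size_t key_len)
{
    uint64_t total = (uint64_t) doc_len + (uint64_t) value_len
                   + element_overhead(key_len, true);
    return total <= BSON_DOC_MAX_SIZE;
}

/* Returns the 64-bit total the safe check computes, useful for logging
 * rejected appends (constructed helper for this example). */
uint64_t projected_size(uint32_t doc_len, size_t value_len, size_t key_len)
{
    return (uint64_t) doc_len + (uint64_t) value_len
         + element_overhead(key_len, true);
}

int main(void)
{
    /* Constructed inputs: a minimal 5-byte document plus a small string
     * value under key "k", then the same document plus an oversized value
     * under a 3-byte key whose 32-bit sum wraps to 10. */
    printf("small value, unsafe check: %d\n", unsafe_would_fit(5u, 11u, 1));
    printf("small value, safe check:   %d\n", safe_would_fit(5u, 11u, 1));
    printf("huge value,  unsafe check: %d (wrongly accepted)\n",
           unsafe_would_fit(16u, 0xFFFFFFF0u, 3));
    printf("huge value,  safe check:   %d (projected %llu bytes)\n",
           safe_would_fit(16u, 0xFFFFFFF0u, 3),
           (unsigned long long) projected_size(16u, 0xFFFFFFF0u, 3));
    return 0;
}
```

In real code the check belongs immediately before the bson_append_* call, and the return value of that call should also be checked: the libbson append functions return false when an append is refused, and a caller that ignores that result has no way to notice a rejected element.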

🔍 How to Verify

Check if Vulnerable:

Check libbson version with: pkg-config --modversion libbson-1.0. For MongoDB: mongod --version

Check Version:

pkg-config --modversion libbson-1.0 && mongod --version 2>/dev/null | grep 'db version'

Verify Fix Applied:

Confirm version numbers: libbson >= 1.27.5, MongoDB Server >= 8.0.1 or >= 7.0.16

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors in application logs
  • MongoDB crash logs
  • Unusually large BSON document operations

Network Indicators:

  • Large BSON document submissions exceeding normal size patterns
  • Multiple failed connection attempts after crashes

SIEM Query:

source="mongodb.log" AND ("segmentation fault" OR "SIGSEGV" OR "crash" OR "buffer overflow")
