CVE-2025-13643

3.1 LOW

📋 TL;DR

A privilege escalation vulnerability in MongoDB Server allows users with limited privileges to terminate queries executed by other users, causing denial of service by preventing queries from completing. This affects MongoDB Server v7.0 before 7.0.26 and v8.0 before 8.0.14. The vulnerability requires authenticated access to the cluster.

💻 Affected Systems

Products:
  • MongoDB Server
Versions: v7.0.0 to v7.0.25, v8.0.0 to v8.0.13
Operating Systems: All operating systems running affected MongoDB versions
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments using the affected MongoDB Server versions, regardless of configuration. Requires users with database access privileges.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Malicious or compromised users with minimal privileges could systematically terminate critical database queries, causing widespread service disruption and data processing failures.

🟠 Likely Case

Accidental or intentional termination of queries by users with limited privileges, causing intermittent query failures and degraded database performance.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to isolated query failures that can be quickly detected and remediated.

🌐 Internet-Facing: LOW - Requires authenticated access to MongoDB cluster, which should not be directly internet-facing in secure configurations.
🏢 Internal Only: MEDIUM - Internal users with database access could exploit this, but requires specific privileges and access to the affected MongoDB instances.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: No
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to MongoDB with specific privilege actions. The vulnerability is documented in MongoDB's internal tracking system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v7.0.26 or v8.0.14

Vendor Advisory: https://jira.mongodb.org/browse/SERVER-103582

Restart Required: Yes

Instructions:

1. Download MongoDB Server v7.0.26 or v8.0.14 from the official MongoDB website.
2. Stop the MongoDB service.
3. Back up your data and configuration.
4. Install the updated version.
5. Restart the MongoDB service.
6. Verify that the version is updated.

🔧 Temporary Workarounds

Restrict User Privileges (platform: all)

Review and limit user privileges to prevent unauthorized query termination actions.

// Note: "killAnyCursor" is a privilege action, not a built-in role. revokeRolesFromUser() takes role names, so substitute the custom role that grants that action.
db.revokeRolesFromUser("username", [ { role: "killAnyCursor", db: "admin" } ])

Implement Query Monitoring (platform: all)

Monitor and alert on unexpected query terminations using MongoDB's auditing features.

// Records successful authorization checks (including killCursors) in the audit log; the audit log itself must already be enabled in the server configuration.
db.adminCommand({setParameter: 1, auditAuthorizationSuccess: true})

🧯 If You Can't Patch

  • Implement strict role-based access control to limit who can execute query termination operations
  • Enable comprehensive auditing and monitoring to detect and respond to unauthorized query terminations

🔍 How to Verify

Check if Vulnerable:

Connect to MongoDB and run db.version(). Check whether the reported version falls within v7.0.0-7.0.25 or v8.0.0-8.0.13.

Check Version:

db.version()

Verify Fix Applied:

After patching, run db.version() and verify that the version is v7.0.26 or higher, or v8.0.14 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected query termination events in MongoDB logs
  • killCursors operations from unauthorized users
  • Failed queries with termination errors

Network Indicators:

  • Unusual killCursors command patterns in MongoDB protocol traffic

SIEM Query:

source="mongodb.log" AND ("killCursors" OR "query terminated") AND NOT user="authorized_user"
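The log indicators and SIEM query above can be checked against the audit log directly. The following is an added example, not code from the advisory or from MongoDB: it scans audit-log lines (one JSON authCheck event per line, in the documented audit format) for kill commands issued by users outside an assumed allowlist. The allowlist, the sample events and the inclusion of killOp alongside killCursors are assumptions of this example.

```javascript
// Added detection example: flag killCursors/killOp authorization checks
// from users not on the allowlist. Allowlist entries are "<db>.<user>".
const ALLOWED_KILLERS = new Set(["admin.dba", "admin.ops_monitor"]); // assumed
const KILL_COMMANDS = new Set(["killCursors", "killOp"]);

// Constructed sample audit events (authCheck shape). result 0 = authorized,
// 13 = Unauthorized; line 5 is deliberately malformed.
const SAMPLE_AUDIT_LOG = [
  '{"atype":"authCheck","ts":{"$date":"2025-11-20T10:00:01.000+00:00"},"remote":{"ip":"10.0.0.5","port":51200},"users":[{"user":"dba","db":"admin"}],"param":{"command":"killCursors","ns":"app.orders"},"result":0}',
  '{"atype":"authCheck","ts":{"$date":"2025-11-20T10:00:02.000+00:00"},"remote":{"ip":"10.0.0.9","port":51311},"users":[{"user":"app_ro","db":"admin"}],"param":{"command":"find","ns":"app.orders"},"result":0}',
  '{"atype":"authCheck","ts":{"$date":"2025-11-20T10:00:03.000+00:00"},"remote":{"ip":"10.0.0.9","port":51311},"users":[{"user":"app_ro","db":"admin"}],"param":{"command":"killCursors","ns":"app.orders"},"result":0}',
  '{"atype":"authCheck","ts":{"$date":"2025-11-20T10:00:04.000+00:00"},"remote":{"ip":"10.0.0.9","port":51311},"users":[{"user":"app_ro","db":"admin"}],"param":{"command":"killOp","ns":""},"result":13}',
  'not json at all',
].join("\n");

function findUnexpectedKills(logText, allowed = ALLOWED_KILLERS) {
  const hits = [];
  for (const line of logText.split("\n")) {
    let ev;
    try { ev = JSON.parse(line); } catch { continue; } // skip malformed lines
    if (ev.atype !== "authCheck" || !KILL_COMMANDS.has(ev.param?.command)) continue;
    const principals = (ev.users || []).map(u => `${u.db}.${u.user}`);
    if (principals.some(p => allowed.has(p))) continue; // expected operator
    hits.push({
      ts: ev.ts.$date,
      user: principals.join(",") || "<unauthenticated>",
      remote: `${ev.remote.ip}:${ev.remote.port}`,
      command: ev.param.command,
      ns: ev.param.ns,
      succeeded: ev.result === 0, // false means the attempt was denied
    });
  }
  return hits;
}

for (const h of findUnexpectedKills(SAMPLE_AUDIT_LOG)) {
  console.log(`${h.ts} ${h.user}@${h.remote} ${h.command} ${h.ns} ${h.succeeded ? "EXECUTED" : "denied"}`);
}
```

Successful hits from a limited-privilege user are the ones to act on; denied attempts are still worth alerting on as reconnaissance.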
