CVE-2025-12657

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations.

Published Nov 6, 2025

https://jira.mongodb.org/browse/SERVER-101230 https://github.com/CVEProject/cvelistV5/blob/main/cves/2025/12xxx/CVE-2025-12657.json

CVSS ScoreMedium

5.5

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2025-12657

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations.

Published Nov 6, 2025

https://jira.mongodb.org/browse/SERVER-101230 https://github.com/CVEProject/cvelistV5/blob/main/cves/2025/12xxx/CVE-2025-12657.json

CVSS ScoreMedium

5.5

No packages found

Try adjusting your search terms.

Ecosystem	Package	Version

No packages found

Try adjusting your search terms.

Find vulnerabilities. Fix fast with AI.

CVE-2025-12657

CVE-2025-12657

No packages found

No packages found