exploitDog

CVE-2025-10491

Опубликовано: 15 сент. 2025

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a local attacker to introduce executable code to MongoDB's process via DLL hijacking. This issue affects MongoDB Server v6.0 version prior to 6.0.25, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5

Ссылки

https://jira.mongodb.org/browse/SERVER-51366

EPSS

Процентиль: 5%

0.00023

Низкий

7.8 High

CVSS3

Дефекты

CWE-284

Связанные уязвимости

GHSA-2mmf-p5r8-wc5g

CVSS3: 7.8

github

5 месяцев назад

The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a local attacker to introduce executable code to MongoDB's process via DLL hijacking. This issue affects MongoDB Server v6.0 version prior to 6.0.25, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5

EPSS

Процентиль: 5%

0.00023

Низкий

7.8 High

CVSS3

Дефекты

CWE-284