MongoDB Denial-of-Service via Query Termination Privileges before 7.0.26/8.0.14
CVE-2025-13643 Published on November 25, 2025
MongoDB Server may allow queries to be terminated by unauthorized users
A user with access to the cluster with a limited set of privilege actions may be able to terminate queries that are being executed by other users. This may cause a denial of service by preventing a fraction of queries from successfully completing. This issue affects MongoDB Server v7.0 versions prior to 7.0.26 and MongoDB Server v8.0 versions prior to 8.0.14
Vulnerability Analysis
CVE-2025-13643 can be exploited with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2025-13643 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2025-13643
Want to know whenever a new CVE is published for MongoDB? stack.watch will email you.
Affected Versions
MongoDB Inc. MongoDB Server:- Version 8.0 and below 8.0.14 is affected.
- Version 7.0 and below 7.0.26 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.