FreeBSD Mail Archives

Date:      Tue, 7 Oct 2025 08:22:21 +0200
From:      =?UTF-8?Q?Fernando_Apestegu=C3=ADa?= <fernape@freebsd.org>
To:        Ronald Klop <ronald-lists@klop.ws>
Cc:        ports-committers@freebsd.org, dev-commits-ports-main@freebsd.org,  dev-commits-ports-all@freebsd.org
Subject:   Re: git: 7ec6fda16269 - main - security/vuxml: Add mongodb vulnerabilities
Message-ID:  <CAGwOe2YjcFPDPskDszb47NCrOMoGhpuQA4iWgcN4eSdgXZhkOg@mail.gmail.com>
In-Reply-To: <335147763.13854.1759777644418@localhost>
References:  <202510061544.596FisvI081938@gitrepo.freebsd.org> <335147763.13854.1759777644418@localhost>

index | next in thread | previous in thread | raw e-mail


[-- Attachment #1 --]
On Mon, Oct 6, 2025 at 9:07 PM Ronald Klop <ronald-lists@klop.ws> wrote:

> Hi Fernando,
>
> Thanks for filling vuxml for the mongodb issues.
>
> Mind that mongodb80 will never contain 8.1.X, but only 8.0.X.
> So '<lt>8.1.2</lt>' will always be true, as 8.0.X will always be less than
> 8.1.2. The same happens with '<lt>8.1.0</lt>'.
>
> See https://www.mongodb.com/docs/manual/reference/versioning/ for an
> explanation about MongoDB versioning. The port van only contain the
> Community edition for on-premise installation AFAIK. This changes again
> with 8.2, but that version is not in the ports tree nowadays.
>
>
You're totally right.

Should be fixed by now.

Thanks!


> Regards,
> Ronald.
>
>
>
> *Van:* "Fernando Apesteguía" <fernape@FreeBSD.org>
> *Datum:* maandag, 6 oktober 2025 17:44
> *Aan:* ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
> dev-commits-ports-main@FreeBSD.org
> *Onderwerp:* git: 7ec6fda16269 - main - security/vuxml: Add mongodb
> vulnerabilities
>
> The branch main has been updated by fernape:
>
> URL:
> https://cgit.FreeBSD.org/ports/commit/?id=7ec6fda162694d1ef177aef2cc8f88174d4c8716
>
> commit 7ec6fda162694d1ef177aef2cc8f88174d4c8716
> Author:     Fernando Apesteguía <fernape@FreeBSD.org>
> AuthorDate: 2025-10-06 15:43:39 +0000
> Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
> CommitDate: 2025-10-06 15:43:39 +0000
>
>     security/vuxml: Add mongodb vulnerabilities
>
>      * CVE-2025-10061
>      * CVE-2025-10060
>      * CVE-2025-10059
>      * CVE-2025-7259
> ---
>  security/vuxml/vuln/2025.xml | 146
> +++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 146 insertions(+)
>
> diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
> index cec42b929a0c..1990b05803ef 100644
> --- a/security/vuxml/vuln/2025.xml
> +++ b/security/vuxml/vuln/2025.xml
> @@ -1,3 +1,149 @@
> +  <vuln vid="a5395e02-a2ca-11f0-8402-b42e991fc52e">
> +    <topic>mongodb -- Malformed $group Query May Cause MongoDB Server to
> Crash</topic>
> +    <affects>
> +      <package>
> +   <name>mongodb60</name>
> +   <range><lt>6.0.25</lt></range>
> +      </package>
> +      <package>
> +   <name>mongodb70</name>
> +   <range><lt>7.0.22</lt></range>
> +      </package>
> +      <package>
> +   <name>mongodb80</name>
> +   <range><lt>8.1.2</lt></range>
> +      </package>
> +    </affects>
> +    <description>
> +   <bodyhttp://www.w3.org/1999/xhtml">http://www.w3.org/1999/xhtml">;
> +   <p>cna@mongodb.com reports:</p>
> +   <blockquote cite="https://jira.mongodb.org/browse/SERVER-99616">;
> +     <p>An authorized user can cause a crash in the MongoDB Server through
> +   a specially crafted $group query.  This vulnerability is related
> +   to the incorrect handling of certain accumulator functions when
> +   additional parameters are specified within the $group operation.
> +   This vulnerability could lead to denial of service if triggered
> +   repeatedly.  This issue affects MongoDB Server v6.0 versions prior
> +   to 6.0.25, MongoDB Server v7.0 versions prior to 7.0.22, MongoDB
> +   Server v8.0 versions prior to 8.0.12 and MongoDB Server v8.1 versions
> +   prior to 8.1.2</p>
> +   </blockquote>
> +   </body>
> +    </description>
> +    <references>
> +      <cvename>CVE-2025-10061</cvename>
> +      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-10061</url>;
> +    </references>
> +    <dates>
> +      <discovery>2025-09-05</discovery>
> +      <entry>2025-10-06</entry>
> +    </dates>
> +  </vuln>
> +
> +  <vuln vid="6d16b410-a2ca-11f0-8402-b42e991fc52e">
> +    <topic>mongodb -- MongoDB may be susceptible to Invariant Failure in
> Transactions due Upsert Operation</topic>
> +    <affects>
> +      <package>
> +   <name>mongodb60</name>
> +   <range><lt>6.0.25</lt></range>
> +      </package>
> +      <package>
> +   <name>mongodb70</name>
> +   <range><lt>7.0.22</lt></range>
> +      </package>
> +      <package>
> +   <name>mongodb80</name>
> +   <range><lt>8.0.12</lt></range>
> +      </package>
> +    </affects>
> +    <description>
> +   <bodyhttp://www.w3.org/1999/xhtml">http://www.w3.org/1999/xhtml">;
> +   <p>cna@mongodb.com reports:</p>
> +   <blockquote cite="https://jira.mongodb.org/browse/SERVER-95524">;
> +     <p>MongoDB Server may allow upsert operations retried
> +     within a transaction to violate unique index constraints,
> +     potentially causing an invariant failure and server crash
> +     during commit. This issue may be triggered by improper
> +     WriteUnitOfWork state management.</p>
> +   </blockquote>
> +   </body>
> +    </description>
> +    <references>
> +      <cvename>CVE-2025-10060</cvename>
> +      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-10060</url>;
> +    </references>
> +    <dates>
> +      <discovery>2025-09-05</discovery>
> +      <entry>2025-10-06</entry>
> +    </dates>
> +  </vuln>
> +
> +  <vuln vid="4329e3bd-a2ca-11f0-8402-b42e991fc52e">
> +    <topic>mongodb -- MongoDB Server router will crash when incorrect
> lsid is set on a sharded query</topic>
> +    <affects>
> +      <package>
> +   <name>mongodb60</name>
> +   <range><lt>6.0.24</lt></range>
> +      </package>
> +      <package>
> +   <name>mongodb70</name>
> +   <range><lt>7.0.18</lt></range>
> +      </package>
> +      <package>
> +   <name>mongodb80</name>
> +   <range><lt>8.0.6</lt></range>
> +      </package>
> +    </affects>
> +    <description>
> +   <bodyhttp://www.w3.org/1999/xhtml">http://www.w3.org/1999/xhtml">;
> +   <p>cna@mongodb.com reports:</p>
> +   <blockquote cite="https://jira.mongodb.org/browse/SERVER-100901">;
> +     <p>An improper setting of the lsid field on any sharded query can
> cause
> +   a crash in MongoDB routers.  This issue occurs when a generic
> +   argument (lsid) is provided in a case when it is not applicable.</p>
> +   </blockquote>
> +   </body>
> +    </description>
> +    <references>
> +      <cvename>CVE-2025-10059</cvename>
> +      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-10059</url>;
> +    </references>
> +    <dates>
> +      <discovery>2025-09-05</discovery>
> +      <entry>2025-10-06</entry>
> +    </dates>
> +  </vuln>
> +
> +  <vuln vid="92880bca-a2c9-11f0-8402-b42e991fc52e">
> +    <topic>mongodb -- Certain Queries May Cause MongoDB Server to
> Crash</topic>
> +    <affects>
> +      <package>
> +   <name>mongodb80</name>
> +   <range><lt>8.1.0</lt></range>
> +      </package>
> +    </affects>
> +    <description>
> +   <bodyhttp://www.w3.org/1999/xhtml">http://www.w3.org/1999/xhtml">;
> +   <p>cna@mongodb.com reports:</p>
> +   <blockquote cite="https://jira.mongodb.org/browse/SERVER-102693">;
> +     <p>An authorized user can issue queries with duplicate _id fields,
> +   that leads to unexpected behavior in MongoDB Server, which may
> +   result to crash.  This issue can only be triggered by authorized
> +   users and cause Denial of Service.  This issue affects MongoDB
> +   Server v8.1 version 8.1.0.</p>
> +   </blockquote>
> +   </body>
> +    </description>
> +    <references>
> +      <cvename>CVE-2025-7259</cvename>
> +      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-7259</url>;
> +    </references>
> +    <dates>
> +      <discovery>2025-07-07</discovery>
> +      <entry>2025-10-06</entry>
> +    </dates>
> +  </vuln>
> +
>    <vuln vid="a9dc3c61-a20f-11f0-91d8-b42e991fc52e">
>      <topic>mongodb -- MongoDB Server access to non-initialized
> memory</topic>
>      <affects>
> ------------------------------
>
>
>
>

[-- Attachment #2 --]
<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Mon, Oct 6, 2025 at 9:07 PM Ronald Klop &lt;<a href="mailto:ronald-lists@klop.ws">ronald-lists@klop.ws</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>Hi Fernando,<br>
<br>
Thanks for filling vuxml for the mongodb issues.<br>
<br>
Mind that mongodb80 will never contain 8.1.X, but only 8.0.X.<br>
So &#39;&lt;lt&gt;8.1.2&lt;/lt&gt;&#39; will always be true, as 8.0.X will always be less than 8.1.2. The same happens with &#39;&lt;lt&gt;8.1.0&lt;/lt&gt;&#39;.<br>
<br>
See <a href="https://www.mongodb.com/docs/manual/reference/versioning/" target="_blank">https://www.mongodb.com/docs/manual/reference/versioning/</a> for an explanation about MongoDB versioning. The port van only contain the Community edition for on-premise installation AFAIK. This changes again with 8.2, but that version is not in the ports tree nowadays.<br>
<br></div></blockquote><div><br></div><div>You&#39;re totally right.</div><div><br></div><div>Should be fixed by now.</div><div><br></div><div>Thanks!</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>
Regards,<br>
Ronald.<br>
<br>
 
<p><b>Van:</b> &quot;Fernando Apesteguía&quot; &lt;fernape@FreeBSD.org&gt;<br>
<b>Datum:</b> maandag, 6 oktober 2025 17:44<br>
<b>Aan:</b> ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org<br>
<b>Onderwerp:</b> git: 7ec6fda16269 - main - security/vuxml: Add mongodb vulnerabilities</p>

<blockquote style="padding-right:0px;padding-left:5px;margin-left:5px;border-left:2px solid rgb(0,0,0);margin-right:0px">
<div id="m_627780328203963328P">
<div id="m_627780328203963328P.P">The branch main has been updated by fernape:<br>
<br>
URL: <a href="https://cgit.FreeBSD.org/ports/commit/?id=7ec6fda162694d1ef177aef2cc8f88174d4c8716" target="_blank">https://cgit.FreeBSD.org/ports/commit/?id=7ec6fda162694d1ef177aef2cc8f88174d4c8716</a><br>;
<br>
commit 7ec6fda162694d1ef177aef2cc8f88174d4c8716<br>
Author:     Fernando Apesteguía &lt;fernape@FreeBSD.org&gt;<br>
AuthorDate: 2025-10-06 15:43:39 +0000<br>
Commit:     Fernando Apesteguía &lt;fernape@FreeBSD.org&gt;<br>
CommitDate: 2025-10-06 15:43:39 +0000<br>
<br>
    security/vuxml: Add mongodb vulnerabilities<br>
    <br>
     * CVE-2025-10061<br>
     * CVE-2025-10060<br>
     * CVE-2025-10059<br>
     * CVE-2025-7259<br>
---<br>
 security/vuxml/vuln/2025.xml | 146 +++++++++++++++++++++++++++++++++++++++++++<br>
 1 file changed, 146 insertions(+)<br>
<br>
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml<br>
index cec42b929a0c..1990b05803ef 100644<br>
--- a/security/vuxml/vuln/2025.xml<br>
+++ b/security/vuxml/vuln/2025.xml<br>
@@ -1,3 +1,149 @@<br>
+  &lt;vuln vid=&quot;a5395e02-a2ca-11f0-8402-b42e991fc52e&quot;&gt;<br>
+    &lt;topic&gt;mongodb -- Malformed $group Query May Cause MongoDB Server to Crash&lt;/topic&gt;<br>
+    &lt;affects&gt;<br>
+      &lt;package&gt;<br>
+   &lt;name&gt;mongodb60&lt;/name&gt;<br>
+   &lt;range&gt;&lt;lt&gt;6.0.25&lt;/lt&gt;&lt;/range&gt;<br>
+      &lt;/package&gt;<br>
+      &lt;package&gt;<br>
+   &lt;name&gt;mongodb70&lt;/name&gt;<br>
+   &lt;range&gt;&lt;lt&gt;7.0.22&lt;/lt&gt;&lt;/range&gt;<br>
+      &lt;/package&gt;<br>
+      &lt;package&gt;<br>
+   &lt;name&gt;mongodb80&lt;/name&gt;<br>
+   &lt;range&gt;&lt;lt&gt;8.1.2&lt;/lt&gt;&lt;/range&gt;<br>
+      &lt;/package&gt;<br>
+    &lt;/affects&gt;<br>
+    &lt;description&gt;<br>
+   &lt;bodyhttp://<a href="http://www.w3.org/1999/xhtml" target="_blank">www.w3.org/1999/xhtml</a>&quot;&gt;<a href="http://www.w3.org/1999/xhtml" target="_blank">http://www.w3.org/1999/xhtml</a>&quot;&gt;<br>;
+   &lt;p&gt;<a href="mailto:cna@mongodb.com" target="_blank">cna@mongodb.com</a> reports:&lt;/p&gt;<br>
+   &lt;blockquote cite=&quot;<a href="https://jira.mongodb.org/browse/SERVER-99616" target="_blank">https://jira.mongodb.org/browse/SERVER-99616</a>&quot;&gt;<br>;
+     &lt;p&gt;An authorized user can cause a crash in the MongoDB Server through<br>
+   a specially crafted $group query.  This vulnerability is related<br>
+   to the incorrect handling of certain accumulator functions when<br>
+   additional parameters are specified within the $group operation.<br>
+   This vulnerability could lead to denial of service if triggered<br>
+   repeatedly.  This issue affects MongoDB Server v6.0 versions prior<br>
+   to 6.0.25, MongoDB Server v7.0 versions prior to 7.0.22, MongoDB<br>
+   Server v8.0 versions prior to 8.0.12 and MongoDB Server v8.1 versions<br>
+   prior to 8.1.2&lt;/p&gt;<br>
+   &lt;/blockquote&gt;<br>
+   &lt;/body&gt;<br>
+    &lt;/description&gt;<br>
+    &lt;references&gt;<br>
+      &lt;cvename&gt;CVE-2025-10061&lt;/cvename&gt;<br>
+      &lt;url&gt;<a href="https://nvd.nist.gov/vuln/detail/CVE-2025-10061%3C/url" target="_blank">https://nvd.nist.gov/vuln/detail/CVE-2025-10061&lt;/url</a>&gt;<br>;
+    &lt;/references&gt;<br>
+    &lt;dates&gt;<br>
+      &lt;discovery&gt;2025-09-05&lt;/discovery&gt;<br>
+      &lt;entry&gt;2025-10-06&lt;/entry&gt;<br>
+    &lt;/dates&gt;<br>
+  &lt;/vuln&gt;<br>
+<br>
+  &lt;vuln vid=&quot;6d16b410-a2ca-11f0-8402-b42e991fc52e&quot;&gt;<br>
+    &lt;topic&gt;mongodb -- MongoDB may be susceptible to Invariant Failure in Transactions due Upsert Operation&lt;/topic&gt;<br>
+    &lt;affects&gt;<br>
+      &lt;package&gt;<br>
+   &lt;name&gt;mongodb60&lt;/name&gt;<br>
+   &lt;range&gt;&lt;lt&gt;6.0.25&lt;/lt&gt;&lt;/range&gt;<br>
+      &lt;/package&gt;<br>
+      &lt;package&gt;<br>
+   &lt;name&gt;mongodb70&lt;/name&gt;<br>
+   &lt;range&gt;&lt;lt&gt;7.0.22&lt;/lt&gt;&lt;/range&gt;<br>
+      &lt;/package&gt;<br>
+      &lt;package&gt;<br>
+   &lt;name&gt;mongodb80&lt;/name&gt;<br>
+   &lt;range&gt;&lt;lt&gt;8.0.12&lt;/lt&gt;&lt;/range&gt;<br>
+      &lt;/package&gt;<br>
+    &lt;/affects&gt;<br>
+    &lt;description&gt;<br>
+   &lt;bodyhttp://<a href="http://www.w3.org/1999/xhtml" target="_blank">www.w3.org/1999/xhtml</a>&quot;&gt;<a href="http://www.w3.org/1999/xhtml" target="_blank">http://www.w3.org/1999/xhtml</a>&quot;&gt;<br>;
+   &lt;p&gt;<a href="mailto:cna@mongodb.com" target="_blank">cna@mongodb.com</a> reports:&lt;/p&gt;<br>
+   &lt;blockquote cite=&quot;<a href="https://jira.mongodb.org/browse/SERVER-95524" target="_blank">https://jira.mongodb.org/browse/SERVER-95524</a>&quot;&gt;<br>;
+     &lt;p&gt;MongoDB Server may allow upsert operations retried<br>
+     within a transaction to violate unique index constraints,<br>
+     potentially causing an invariant failure and server crash<br>
+     during commit. This issue may be triggered by improper<br>
+     WriteUnitOfWork state management.&lt;/p&gt;<br>
+   &lt;/blockquote&gt;<br>
+   &lt;/body&gt;<br>
+    &lt;/description&gt;<br>
+    &lt;references&gt;<br>
+      &lt;cvename&gt;CVE-2025-10060&lt;/cvename&gt;<br>
+      &lt;url&gt;<a href="https://nvd.nist.gov/vuln/detail/CVE-2025-10060%3C/url" target="_blank">https://nvd.nist.gov/vuln/detail/CVE-2025-10060&lt;/url</a>&gt;<br>;
+    &lt;/references&gt;<br>
+    &lt;dates&gt;<br>
+      &lt;discovery&gt;2025-09-05&lt;/discovery&gt;<br>
+      &lt;entry&gt;2025-10-06&lt;/entry&gt;<br>
+    &lt;/dates&gt;<br>
+  &lt;/vuln&gt;<br>
+<br>
+  &lt;vuln vid=&quot;4329e3bd-a2ca-11f0-8402-b42e991fc52e&quot;&gt;<br>
+    &lt;topic&gt;mongodb -- MongoDB Server router will crash when incorrect lsid is set on a sharded query&lt;/topic&gt;<br>
+    &lt;affects&gt;<br>
+      &lt;package&gt;<br>
+   &lt;name&gt;mongodb60&lt;/name&gt;<br>
+   &lt;range&gt;&lt;lt&gt;6.0.24&lt;/lt&gt;&lt;/range&gt;<br>
+      &lt;/package&gt;<br>
+      &lt;package&gt;<br>
+   &lt;name&gt;mongodb70&lt;/name&gt;<br>
+   &lt;range&gt;&lt;lt&gt;7.0.18&lt;/lt&gt;&lt;/range&gt;<br>
+      &lt;/package&gt;<br>
+      &lt;package&gt;<br>
+   &lt;name&gt;mongodb80&lt;/name&gt;<br>
+   &lt;range&gt;&lt;lt&gt;8.0.6&lt;/lt&gt;&lt;/range&gt;<br>
+      &lt;/package&gt;<br>
+    &lt;/affects&gt;<br>
+    &lt;description&gt;<br>
+   &lt;bodyhttp://<a href="http://www.w3.org/1999/xhtml" target="_blank">www.w3.org/1999/xhtml</a>&quot;&gt;<a href="http://www.w3.org/1999/xhtml" target="_blank">http://www.w3.org/1999/xhtml</a>&quot;&gt;<br>;
+   &lt;p&gt;<a href="mailto:cna@mongodb.com" target="_blank">cna@mongodb.com</a> reports:&lt;/p&gt;<br>
+   &lt;blockquote cite=&quot;<a href="https://jira.mongodb.org/browse/SERVER-100901" target="_blank">https://jira.mongodb.org/browse/SERVER-100901</a>&quot;&gt;<br>;
+     &lt;p&gt;An improper setting of the lsid field on any sharded query can cause<br>
+   a crash in MongoDB routers.  This issue occurs when a generic<br>
+   argument (lsid) is provided in a case when it is not applicable.&lt;/p&gt;<br>
+   &lt;/blockquote&gt;<br>
+   &lt;/body&gt;<br>
+    &lt;/description&gt;<br>
+    &lt;references&gt;<br>
+      &lt;cvename&gt;CVE-2025-10059&lt;/cvename&gt;<br>
+      &lt;url&gt;<a href="https://nvd.nist.gov/vuln/detail/CVE-2025-10059%3C/url" target="_blank">https://nvd.nist.gov/vuln/detail/CVE-2025-10059&lt;/url</a>&gt;<br>;
+    &lt;/references&gt;<br>
+    &lt;dates&gt;<br>
+      &lt;discovery&gt;2025-09-05&lt;/discovery&gt;<br>
+      &lt;entry&gt;2025-10-06&lt;/entry&gt;<br>
+    &lt;/dates&gt;<br>
+  &lt;/vuln&gt;<br>
+<br>
+  &lt;vuln vid=&quot;92880bca-a2c9-11f0-8402-b42e991fc52e&quot;&gt;<br>
+    &lt;topic&gt;mongodb -- Certain Queries May Cause MongoDB Server to Crash&lt;/topic&gt;<br>
+    &lt;affects&gt;<br>
+      &lt;package&gt;<br>
+   &lt;name&gt;mongodb80&lt;/name&gt;<br>
+   &lt;range&gt;&lt;lt&gt;8.1.0&lt;/lt&gt;&lt;/range&gt;<br>
+      &lt;/package&gt;<br>
+    &lt;/affects&gt;<br>
+    &lt;description&gt;<br>
+   &lt;bodyhttp://<a href="http://www.w3.org/1999/xhtml" target="_blank">www.w3.org/1999/xhtml</a>&quot;&gt;<a href="http://www.w3.org/1999/xhtml" target="_blank">http://www.w3.org/1999/xhtml</a>&quot;&gt;<br>;
+   &lt;p&gt;<a href="mailto:cna@mongodb.com" target="_blank">cna@mongodb.com</a> reports:&lt;/p&gt;<br>
+   &lt;blockquote cite=&quot;<a href="https://jira.mongodb.org/browse/SERVER-102693" target="_blank">https://jira.mongodb.org/browse/SERVER-102693</a>&quot;&gt;<br>;
+     &lt;p&gt;An authorized user can issue queries with duplicate _id fields,<br>
+   that leads to unexpected behavior in MongoDB Server, which may<br>
+   result to crash.  This issue can only be triggered by authorized<br>
+   users and cause Denial of Service.  This issue affects MongoDB<br>
+   Server v8.1 version 8.1.0.&lt;/p&gt;<br>
+   &lt;/blockquote&gt;<br>
+   &lt;/body&gt;<br>
+    &lt;/description&gt;<br>
+    &lt;references&gt;<br>
+      &lt;cvename&gt;CVE-2025-7259&lt;/cvename&gt;<br>
+      &lt;url&gt;<a href="https://nvd.nist.gov/vuln/detail/CVE-2025-7259%3C/url" target="_blank">https://nvd.nist.gov/vuln/detail/CVE-2025-7259&lt;/url</a>&gt;<br>;
+    &lt;/references&gt;<br>
+    &lt;dates&gt;<br>
+      &lt;discovery&gt;2025-07-07&lt;/discovery&gt;<br>
+      &lt;entry&gt;2025-10-06&lt;/entry&gt;<br>
+    &lt;/dates&gt;<br>
+  &lt;/vuln&gt;<br>
+<br>
   &lt;vuln vid=&quot;a9dc3c61-a20f-11f0-91d8-b42e991fc52e&quot;&gt;<br>
     &lt;topic&gt;mongodb -- MongoDB Server access to non-initialized memory&lt;/topic&gt;<br>
     &lt;affects&gt;</div>

<hr></div>
</blockquote>
<br>
 </div></blockquote></div></div>

home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGwOe2YjcFPDPskDszb47NCrOMoGhpuQA4iWgcN4eSdgXZhkOg>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation