
CVE-2025-3085

High

Published: 01 April 2025

Modified: 24 September 2025
CVSS Score (v3.1): 8.1 (vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0025 (48.3rd percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-3085 is a high-severity Improper Check for Certificate Revocation (CWE-299) vulnerability in MongoDB Server (vendor: MongoDB). Its CVSS base score is 8.1 (High).

Operationally, it is ranked at the 48.3rd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.


Vulnerability details

A MongoDB server under specific conditions, running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's certificate chain. In cases of MONGODB-X509, which is not enabled by default, this may lead to improper authentication. This issue may also affect intra-cluster authentication. This issue affects MongoDB Server v5.0 versions prior to 5.0.31, MongoDB Server v6.0 versions prior to 6.0.20, MongoDB Server v7.0 versions prior to 7.0.16 and MongoDB Server v8.0 versions prior to 8.0.4.

Required Configuration: MongoDB Server must be running on Linux operating systems and CRL revocation status checking must be enabled.


Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: mongodb
Product: mongodb
Affected versions: 5.0.0 to 5.0.31, 6.0.0 to 6.0.20, 7.0.0 to 7.0.16

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
