CVE-2026-25611

Severity: High
Category: DDoS (resource-exhaustion denial of service)
Published: 10 February 2026
Modified: 15 April 2026
KEV Added: not listed
Patch: MongoDB JIRA SERVER-116206, SERVER-116210, SERVER-116211
CVSS v4.0 base score: 8.7 (High)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.0078 (51.2nd percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-25611 is a high-severity denial-of-service vulnerability in MongoDB (affected product inferred from the references; NVD filed no CPE), classified as CWE-405, Asymmetric Resource Consumption (Amplification). Its CVSS v4.0 base score is 8.7 (High).

Operationally, exploitation maps to MITRE ATT&CK T1499.004 (Endpoint Denial of Service: Application or System Exploitation). With an EPSS of 0.0078 it ranks in the top 48.8% of CVEs by predicted exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability), with SI-2 (Flaw Remediation) covering the vendor fixes.

Deeper analysis

CVE-2026-25611 is a denial-of-service vulnerability in MongoDB server: a series of specifically crafted, unauthenticated messages can exhaust available memory and crash the server process. It was published on 2026-02-10. Under CVSS v3.1 it scores 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H); the CVSS v4.0 vector above yields 8.7, the difference coming from the v4.0 scoring model rather than from any change in impact, which is availability only. The CWE-405 classification (asymmetric resource consumption) captures the essential property: a small attacker-side cost per message produces a disproportionately large allocation on the server.

Any attacker with network access to the server's listener can exploit the flaw without authentication or user interaction and with low attack complexity. Because the crafted messages are handled before authentication completes, enabling access control does not remove the exposure; what limits it is which hosts can reach the port. Exploitation consists of sending the crafted messages until memory is exhausted, yielding a complete server crash (high availability impact) with no effect on confidentiality or integrity.

MongoDB tracks the issue and its fixes in JIRA tickets SERVER-116206, SERVER-116210 and SERVER-116211, which are the primary references for advisories and patched-version information.
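To make the exposure described above checkable, the following script (an added example, not MongoDB's code and not part of the original advisory) parses a mongod.conf and flags the settings that decide who can reach the pre-authentication message path. The option names (net.bindIp, net.bindIpAll, net.maxIncomingConnections, security.authorization) are real mongod settings; the two sample configurations are constructed, and the severity levels are an editorial judgement, not a MongoDB recommendation.

```python
"""
Exposure check for the pre-authentication memory-exhaustion DoS described
above. Reads a mongod.conf and reports settings that leave the wire-protocol
listener reachable by unauthenticated peers. The attack works before
authentication, so security.authorization does not stop it; reachability
(net.bindIp, firewalling) and connection limits are the relevant controls.
"""
from __future__ import annotations

from typing import Any


def _scalar(raw: str) -> Any:
    """Convert a mongod.conf YAML scalar: bools, ints, quoted or plain strings."""
    text = raw.strip().strip("'\"")
    if text.lower() in ("true", "false"):
        return text.lower() == "true"
    if text.isdigit():
        return int(text)
    return text


def parse_mongod_conf(text: str) -> dict[str, Any]:
    """Parse the mapping-only YAML subset mongod.conf uses (nested keys, scalars,
    '#' comments). Deliberately not a full YAML parser: lists and anchors raise."""
    root: dict[str, Any] = {}
    stack: list[tuple[int, dict[str, Any]]] = [(-1, root)]  # (indent, mapping)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, sep, value = line.strip().partition(":")
        if not sep or key.startswith("-"):
            raise ValueError(f"unsupported mongod.conf line: {raw!r}")
        while stack[-1][0] >= indent:  # root sits at indent -1, so never empties
            stack.pop()
        parent = stack[-1][1]
        if value.strip() == "":
            child: dict[str, Any] = {}
            parent[key] = child
            stack.append((indent, child))
        else:
            parent[key] = _scalar(value)
    return root


def lookup(conf: dict[str, Any], dotted: str, default: Any = None) -> Any:
    node: Any = conf
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node


LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def assess_exposure(conf: dict[str, Any]) -> list[tuple[str, str]]:
    """Return (level, message) findings, most relevant to this CVE first."""
    findings: list[tuple[str, str]] = []
    # mongod has defaulted to loopback-only since 3.6; bindIpAll overrides bindIp.
    bind = str(lookup(conf, "net.bindIp", "127.0.0.1"))
    addrs = {a.strip() for a in bind.split(",") if a.strip()}
    if lookup(conf, "net.bindIpAll", False) or addrs & {"0.0.0.0", "::"}:
        findings.append(("high", "listener bound to all interfaces; any host that can "
                         "reach the port can send the pre-auth messages"))
    elif addrs - LOOPBACK:
        findings.append(("info", f"listener bound to {sorted(addrs - LOOPBACK)}; confirm "
                         "a firewall restricts the port to application hosts"))
    # A connection cap bounds how many unauthenticated sessions run at once; it
    # does not fix the per-connection bug, so it is a compensating control only.
    if lookup(conf, "net.maxIncomingConnections") is None:
        findings.append(("medium", "net.maxIncomingConnections unset (default 65536); a cap "
                         "bounds concurrent unauthenticated sessions but not the per-connection bug"))
    if lookup(conf, "security.authorization") != "enabled":
        findings.append(("info", "security.authorization not enabled; note this does not "
                         "mitigate CVE-2026-25611, which triggers before authentication"))
    return findings


# Constructed sample configurations (not from any real deployment).
WEAK_CONF = """\
# listener opened to the network for a load balancer, nothing else changed
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
"""

HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,10.20.0.15   # loopback plus the app-tier VLAN address
  maxIncomingConnections: 2000
security:
  authorization: enabled
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"== {name}")
        for level, msg in assess_exposure(parse_mongod_conf(text)):
            print(f"  [{level}] {msg}")
```

The hardened sample still yields one informational finding, which is the point: binding to a non-loopback address is legitimate for an application tier, but it turns the question into a firewall question, and that is what an unauthenticated DoS forces you to answer until the patched build is deployed.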

Vulnerability details

A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.

CWE(s)

CWE-405 Asymmetric Resource Consumption (Amplification)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The CVE lets a remote attacker exploit a MongoDB server flaw directly to trigger memory exhaustion and a crash, which matches T1499.004 (Application or System Exploitation), a sub-technique of T1499 Endpoint Denial of Service.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-30204 (shared CWE-405)
CVE-2026-22774 (shared CWE-405)
CVE-2026-22775 (shared CWE-405)
CVE-2025-53633 (shared CWE-405)
CVE-2024-11187 (shared CWE-405)
CVE-2024-55628 (shared CWE-405)
CVE-2026-0485 (shared CWE-405)
CVE-2026-44296 (shared CWE-405)
CVE-2025-24356 (shared CWE-405)

Affected Assets

MongoDB (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

SC-5 Denial-of-service Protection (prevent)
Directly implements denial-of-service protections to mitigate memory exhaustion from crafted unauthenticated messages targeting MongoDB servers.

SI-2 Flaw Remediation (prevent)
Ensures timely flaw remediation by applying the MongoDB patches referenced in JIRA tickets SERVER-116206, SERVER-116210 and SERVER-116211, which eliminates the vulnerability rather than limiting its blast radius.

SC-6 Resource Availability (prevent)
Protects resource availability, including memory, through mechanisms such as priority-based allocation and per-connection limits, to counter asymmetric resource consumption attacks.
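As an added example of what SC-5/SC-6 monitoring looks like in practice (not code from MongoDB or from the original page), the following Python evaluates two db.serverStatus() snapshots for the signature of message-driven memory exhaustion: resident memory growing while the WiredTiger cache stays flat, connection slots running out, and connection churn spiking. The serverStatus field names used are real; the sample documents are constructed, and the thresholds are assumptions sized for a 16 GiB dedicated host that should be tuned per deployment.

```python
"""
Memory-pressure detection for a mongod under a CVE-2026-25611-style attack.
Evaluates two db.serverStatus() snapshots taken `interval_s` apart, so it runs
offline over captured documents; a live collector using pymongo is at the
bottom. Field names are those serverStatus emits: mem.resident (MiB),
connections.current / available / totalCreated, and
wiredTiger.cache["bytes currently in the cache"].
"""
from __future__ import annotations

from typing import Any

MIB = 2**20


def _non_cache_rss_mib(status: dict[str, Any]) -> float:
    """Resident memory not attributable to the WiredTiger cache. Connection
    buffers and in-flight message processing live here, so growth in this
    number with a flat cache is the signature of message-driven exhaustion."""
    cache_bytes = status.get("wiredTiger", {}).get("cache", {}).get(
        "bytes currently in the cache", 0)
    return status["mem"]["resident"] - cache_bytes / MIB


def assess_memory_pressure(prev: dict[str, Any], curr: dict[str, Any], interval_s: float,
                           host_ram_mib: int, rss_frac: float = 0.85,
                           conn_frac: float = 0.05, growth_mib_per_min: float = 256.0,
                           churn_per_min: float = 600.0) -> list[tuple[str, str]]:
    """Return (level, message) alerts; thresholds are assumptions, tune per host."""
    alerts: list[tuple[str, str]] = []
    minutes = interval_s / 60.0
    rss = curr["mem"]["resident"]
    if rss >= rss_frac * host_ram_mib:
        alerts.append(("critical", f"resident set {rss} MiB is "
                       f"{rss / host_ram_mib:.0%} of host RAM"))
    growth = (_non_cache_rss_mib(curr) - _non_cache_rss_mib(prev)) / minutes
    if growth >= growth_mib_per_min:
        alerts.append(("warning", f"non-cache memory growing at {growth:.0f} MiB/min "
                       "while the WiredTiger cache is steady"))
    conn = curr["connections"]
    total = conn["current"] + conn["available"]
    if total and conn["available"] <= conn_frac * total:
        alerts.append(("warning", f"{conn['available']} of {total} connection slots left"))
    churn = (conn["totalCreated"] - prev["connections"]["totalCreated"]) / minutes
    if churn >= churn_per_min:
        alerts.append(("warning", f"{churn:.0f} new connections/min; unauthenticated "
                       "connection flood likely"))
    return alerts


def _snapshot(resident_mib: int, cache_bytes: int, current: int, available: int,
              total_created: int) -> dict[str, Any]:
    """Build a minimal serverStatus-shaped document (constructed test data)."""
    return {
        "mem": {"bits": 64, "resident": resident_mib, "virtual": resident_mib + 1200,
                "supported": True},
        "connections": {"current": current, "available": available,
                        "totalCreated": total_created},
        "wiredTiger": {"cache": {"bytes currently in the cache": cache_bytes}},
    }


HOST_RAM_MIB = 16 * 1024
WT_CACHE = 3 * 1024 * MIB  # steady 3 GiB cache in every sample

# Constructed samples, 60 s apart. Baseline: healthy. Attack: RSS balloons while
# the cache stays flat, slots run out and connection churn spikes.
BASELINE = (_snapshot(6200, WT_CACHE, 140, 1860, 431_000),
            _snapshot(6215, WT_CACHE, 142, 1858, 431_080))
ATTACK = (_snapshot(6200, WT_CACHE, 140, 1860, 431_000),
          _snapshot(14400, WT_CACHE, 1990, 10, 446_000))


def collect_server_status(uri: str) -> dict[str, Any]:
    """Fetch a live serverStatus. pymongo is imported lazily so the offline
    checks above do not need it installed (assumption: pymongo is present where
    this is run against a real server)."""
    from pymongo import MongoClient
    with MongoClient(uri, serverSelectionTimeoutMS=3000) as client:
        return client.admin.command("serverStatus")


if __name__ == "__main__":
    for label, (before, after) in (("baseline", BASELINE), ("attack", ATTACK)):
        print(label, assess_memory_pressure(before, after, 60, HOST_RAM_MIB))
```

Run two collections a minute apart against the real server and feed them to assess_memory_pressure; the non-cache growth check is the one that distinguishes this bug from ordinary cache warm-up, because a healthy mongod grows mostly inside the WiredTiger cache.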

References

MongoDB JIRA: SERVER-116206, SERVER-116210, SERVER-116211