CVE-2025-12119 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.8 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
mongodb	CNA	6.8 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
mongodb	c_driver	1.9.0 ≤ 𝑥 < 1.30.6
mongodb	c_driver	2.0.0 ≤ 𝑥 < 2.1.2
mongodb	php_driver	𝑥 < 1.21.2

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

mongo-c-driver

focal	needs-triage
jammy	needs-triage
noble	needs-triage
plucky	ignored
questing	needs-triage

php-mongodb

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	needs-triage
plucky	ignored
questing	needs-triage
xenial	needs-triage

Common Weakness Enumeration

CWE-825 - Expired Pointer Dereference
The program dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.

References

https://github.com/mongodb/mongo-c-driver/releases/tag/1.30.6

https://github.com/mongodb/mongo-c-driver/releases/tag/2.1.2

https://github.com/mongodb/mongo-php-driver/releases/tag/1.21.2

https://lists.debian.org/debian-lts-announce/2026/01/msg00009.html