
CVE-2025-0755: CWE-122: Heap-based Buffer Overflow in MongoDB Inc libbson

High
Published: Tue Mar 18 2025 (03/18/2025, 09:01:04 UTC)
Source: CVE
Vendor/Project: MongoDB Inc
Product: libbson

Description

The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16.

AI-Powered Analysis

Last updated: 11/03/2025, 20:15:59 UTC

Technical Analysis

CVE-2025-0755 is a heap-based buffer overflow vulnerability identified in the libbson component of MongoDB's C driver library. The vulnerability occurs in various bson_append functions when they handle BSON documents that exceed the maximum allowable size defined by INT32_MAX (2,147,483,647 bytes). When such oversized BSON documents are constructed, the internal buffer allocation and management logic fails to properly handle the size, leading to a heap overflow. This overflow can cause segmentation faults, resulting in application crashes and potentially enabling an attacker to execute arbitrary code or corrupt memory. The affected versions include libbson prior to 1.27.5, MongoDB Server versions 8.0 prior to 8.0.1, and 7.0 prior to 7.0.16.

The vulnerability has a CVSS v3.1 base score of 8.4, indicating high severity, with an attack vector limited to local access (AV:L), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The scope is unchanged (S:U), but the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H).

Although no known exploits are currently reported in the wild, the nature of the vulnerability suggests that exploitation could lead to denial of service or remote code execution if combined with other vulnerabilities or misconfigurations. The issue was reserved in January 2025 and publicly disclosed in March 2025. MongoDB is widely used in enterprise and cloud environments, making this vulnerability significant for organizations relying on these technologies.

Potential Impact

For European organizations, the impact of CVE-2025-0755 can be substantial. MongoDB is commonly used in sectors such as finance, telecommunications, government, and technology across Europe. A successful exploitation could lead to application crashes causing denial of service, disrupting critical business operations and services. More severe exploitation could allow attackers to execute arbitrary code, leading to data breaches, unauthorized data manipulation, or lateral movement within networks. This compromises confidentiality, integrity, and availability of sensitive data and systems. Given the local attack vector, attackers would need some form of access to the affected system, which could be achieved through compromised user accounts or insider threats. Organizations running vulnerable MongoDB versions in production environments, especially those processing large BSON documents or handling critical data, face elevated risks. The disruption could affect customer trust, regulatory compliance (e.g., GDPR), and financial stability. Additionally, the lack of known exploits in the wild does not preclude future attacks, emphasizing the need for proactive mitigation.

Mitigation Recommendations

1. Immediately upgrade all MongoDB Server instances to version 8.0.1 or later (for 8.0 branch) and 7.0.16 or later (for 7.0 branch), and upgrade libbson to version 1.27.5 or later.
2. Audit application code to identify and limit BSON document sizes, ensuring they do not approach or exceed the INT32_MAX limit.
3. Implement strict access controls and monitoring to prevent unauthorized local access to MongoDB servers, reducing the risk of exploitation given the local attack vector.
4. Employ runtime application self-protection (RASP) or memory protection tools to detect and prevent heap overflows at runtime.
5. Conduct thorough testing of applications interacting with MongoDB to detect abnormal crashes or memory corruption symptoms.
6. Review and enhance logging and alerting mechanisms to detect anomalous behavior indicative of exploitation attempts.
7. Educate developers and system administrators about the vulnerability and the importance of timely patching.
8. If immediate patching is not feasible, consider isolating MongoDB instances and restricting BSON document sizes via application-level validation as a temporary mitigation.
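The application-level size validation in items 2 and 8 can be done before any bson_append call is made. The following C code is an added example, not libbson or MongoDB code: the function names, the enum, and the 16 MiB policy cap are assumptions, and it covers only the UTF-8 string element, whose encoded size follows from the BSON format.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* BSON stores the document length in a signed 32-bit field. */
#define BSON_HARD_MAX ((uint64_t)INT32_MAX)
/* Assumed application policy cap (16 MiB); pick one that fits your data. */
#define APP_DOC_CAP ((uint64_t)16 * 1024 * 1024)

typedef enum { APPEND_OK, APPEND_OVER_CAP, APPEND_OVER_INT32 } append_check_t;

/* Encoded size of a BSON UTF-8 string element:
 * type byte (1) + key + NUL (1) + int32 string length (4) + value + NUL (1).
 * Returns false when an input alone already exceeds the format limit. */
static bool utf8_element_size(size_t key_len, size_t val_len, uint64_t *out)
{
    if (key_len > BSON_HARD_MAX || val_len > BSON_HARD_MAX)
        return false;
    *out = (uint64_t)key_len + (uint64_t)val_len + 7u;
    return true;
}

/* Decide, before any append call, whether the document would stay in bounds.
 * doc_len is the current encoded length (header and trailing 0x00 included). */
append_check_t check_utf8_append(uint32_t doc_len, size_t key_len, size_t val_len)
{
    uint64_t elem, total;

    if (!utf8_element_size(key_len, val_len, &elem))
        return APPEND_OVER_INT32;
    total = (uint64_t)doc_len + elem; /* 64-bit sum: cannot wrap here */
    if (total > BSON_HARD_MAX)
        return APPEND_OVER_INT32;
    if (total > APP_DOC_CAP)
        return APPEND_OVER_CAP;
    return APPEND_OK;
}

int main(void)
{
    /* Constructed inputs: small append, oversized value, near-limit document. */
    printf("%d\n", check_utf8_append(5, 4, 10));
    printf("%d\n", check_utf8_append(5, 4, (size_t)APP_DOC_CAP));
    printf("%d\n", check_utf8_append(2147483640u, 1, 1));
    return 0;
}
```

Run the check with the document's current length before the corresponding append and reject the input on any result other than `APPEND_OK`.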


Technical Details

Data Version: 5.1
Assigner Short Name: mongodb
Date Reserved: 2025-01-27T16:13:12.042Z
CISA Enriched: true

Threat ID: 682d9840c4522896dcbf15da

Added to database: 5/21/2025, 9:09:20 AM

Last enriched: 11/3/2025, 8:15:59 PM

Last updated: 11/22/2025, 3:01:31 PM
