
CVE-2025-10061: CWE-20 Improper Input Validation in MongoDB Inc MongoDB Server

Severity: Medium
Tags: Vulnerability, CVE-2025-10061, CWE-20
Published: Fri Sep 05 2025 (09/05/2025, 20:48:25 UTC)
Source: CVE Database V5
Vendor/Project: MongoDB Inc
Product: MongoDB Server

Description

An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This vulnerability could lead to denial of service if triggered repeatedly. This issue affects MongoDB Server v6.0 versions prior to 6.0.25, MongoDB Server v7.0 versions prior to 7.0.22, MongoDB Server v8.0 versions prior to 8.0.12 and MongoDB Server v8.1 versions prior to 8.1.2.

AI-Powered Analysis

AILast updated: 09/05/2025, 21:12:46 UTC

Technical Analysis

CVE-2025-10061 is a medium-severity vulnerability affecting multiple recent versions of MongoDB Server (6.0 prior to 6.0.25, 7.0 prior to 7.0.22, 8.0 prior to 8.0.12, and 8.1 prior to 8.1.2). The issue arises from improper input validation (CWE-20) within the $group aggregation stage of MongoDB queries. Specifically, when an authorized user crafts a $group query that uses certain accumulator functions with additional parameters, the server mishandles these inputs, leading to a crash. This crash results in a denial of service (DoS) condition if the exploit is triggered repeatedly. The vulnerability requires the attacker to have authorized access to the database, but does not require user interaction beyond sending the malicious query. The CVSS 3.1 base score is 6.5, reflecting a network attack vector with low complexity, requiring privileges but no user interaction, and resulting in availability impact only. No known exploits are currently reported in the wild. The root cause is insufficient validation of input parameters in aggregation operations, which can cause the server process to terminate unexpectedly, disrupting database availability.

Potential Impact

For European organizations relying on MongoDB Server for critical applications, this vulnerability poses a risk of service disruption through denial of service attacks. Since MongoDB is widely used in sectors such as finance, healthcare, e-commerce, and public services across Europe, a successful exploitation could interrupt business operations, degrade customer experience, and potentially cause cascading failures in dependent systems. Although the vulnerability does not allow data theft or modification, the loss of availability can have significant operational and reputational consequences. Organizations with multi-tenant environments or exposed database endpoints are particularly at risk. Repeated exploitation could lead to prolonged downtime, impacting compliance with service level agreements and regulatory requirements such as GDPR, which mandates availability and resilience of personal data processing systems.

Mitigation Recommendations

European organizations should promptly upgrade affected MongoDB Server instances to the fixed versions: 6.0.25 or later, 7.0.22 or later, 8.0.12 or later, and 8.1.2 or later. Until patches are applied, organizations should restrict database access strictly to trusted and authenticated users, minimizing the attack surface. Implement network-level controls such as IP allowlisting and VPNs to limit exposure of MongoDB endpoints. Monitor logs for unusual or malformed $group aggregation queries that could indicate attempted exploitation. Employ rate limiting on query submissions to reduce the risk of repeated triggering of the crash. Additionally, review and harden application-level input validation to prevent injection of malicious aggregation parameters. Regularly test backup and recovery procedures to ensure rapid restoration in case of service disruption. Finally, maintain an up-to-date inventory of MongoDB deployments and versions to prioritize patching efforts effectively.
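As an added example (not part of this advisory and not MongoDB's own tooling), the following Python triages a deployment inventory against the affected ranges listed above, so patching can be prioritized; the host names and versions are constructed, and a pre-release build of a fixed version (e.g. 8.0.12-rc0) is treated as still affected.

```python
import re

# Fixed patch level per affected branch, exactly as stated in the advisory.
FIXED = {(6, 0): 25, (7, 0): 22, (8, 0): 12, (8, 1): 2}


def parse_version(v):
    """Return (major, minor, patch, is_prerelease) from '7.0.21', 'v8.0.12-rc0', etc."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?", v)
    if not m:
        raise ValueError(f"unrecognised MongoDB version string: {v!r}")
    major, minor, patch = (int(x) for x in m.groups()[:3])
    return major, minor, patch, m.group(4) is not None


def assess(v):
    """Classify one server version as 'affected', 'fixed', or 'not-listed'."""
    major, minor, patch, prerelease = parse_version(v)
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "not-listed"  # branch not named in the advisory; check vendor notes
    # A pre-release of the fixed patch level predates the fix, so count it as affected.
    if patch < fixed_patch or (patch == fixed_patch and prerelease):
        return "affected"
    return "fixed"


def triage(inventory):
    """inventory: iterable of (host, version). Returns (host, version, status)
    rows with affected hosts first, then unlisted branches, then fixed hosts."""
    order = {"affected": 0, "not-listed": 1, "fixed": 2}
    rows = [(host, ver, assess(ver)) for host, ver in inventory]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


# Constructed sample inventory (hypothetical hosts, not real deployments).
SAMPLE = [("db-eu-1", "7.0.21"), ("db-eu-2", "8.0.12"), ("db-eu-3", "6.0.24"),
          ("db-eu-4", "8.1.1-rc0"), ("db-eu-5", "5.0.31")]

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE):
        print(f"{host:10} {ver:12} {status}")
```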


Technical Details

Data Version: 5.1
Assigner Short Name: mongodb
Date Reserved: 2025-09-05T20:41:48.167Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68bb4ec2535f4a97730ec319

Added to database: 9/5/2025, 8:57:38 PM

Last enriched: 9/5/2025, 9:12:46 PM

Last updated: 9/5/2025, 11:57:50 PM
