CVE-2025-13644: CWE-617: Reachable Assertion in MongoDB Inc. MongoDB Server
MongoDB Server may experience an invariant failure during batched delete operations when handling documents. The issue arises when the server mistakenly assumes the presence of multiple documents in a batch based solely on document size exceeding BSONObjMaxSize. This issue affects MongoDB Server v7.0 versions prior to 7.0.26, MongoDB Server v8.0 versions prior to 8.0.13, and MongoDB Server v8.1 versions prior to 8.1.2.
AI Analysis
Technical Summary
CVE-2025-13644 is a vulnerability classified under CWE-617 (Reachable Assertion) affecting MongoDB Server versions 7.0 prior to 7.0.26, 8.0 prior to 8.0.13, and 8.1 prior to 8.1.2. The issue arises during batched delete operations where the server incorrectly assumes the presence of multiple documents in a batch based solely on the size of a document exceeding BSONObjMaxSize, the maximum BSON object size. This incorrect assumption leads to an invariant failure, triggering an assertion that causes the MongoDB server process to crash, resulting in a denial of service (DoS) condition. The vulnerability does not affect confidentiality or integrity but impacts availability. The CVSS v3.1 score is 6.5 (medium), reflecting network attack vector, low attack complexity, requiring privileges but no user interaction, and a scope limited to the vulnerable component. No known exploits have been reported in the wild as of the publication date. The vulnerability is significant for environments where MongoDB is used for critical data operations, as unexpected crashes can disrupt services and lead to downtime. The root cause is a logic flaw in handling batch deletes, specifically in the server's internal validation of document batches based on size rather than actual document count. This flaw can be triggered remotely by an attacker with low privileges who can send crafted delete requests. MongoDB Inc. has released patches in versions 7.0.26, 8.0.13, and 8.1.2 to address this issue, but no direct patch links were provided in the source information.
Potential Impact
For European organizations, the primary impact of CVE-2025-13644 is denial of service due to server crashes during batched delete operations in MongoDB. This can lead to unplanned downtime, disruption of business-critical applications, and potential loss of availability for services relying on MongoDB databases. Sectors such as finance, healthcare, telecommunications, and government agencies that depend heavily on MongoDB for real-time data processing and storage may experience operational interruptions. Although the vulnerability does not compromise data confidentiality or integrity, the availability impact can affect service level agreements (SLAs), customer trust, and regulatory compliance, especially under GDPR mandates that require maintaining service continuity and data availability. Additionally, recovery from crashes may require manual intervention and could increase operational costs. The requirement of low privileges for exploitation means insider threats or compromised accounts could trigger the vulnerability, increasing risk within internal networks. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat of future exploitation.
Mitigation Recommendations
European organizations should prioritize upgrading MongoDB Server to the fixed versions 7.0.26, 8.0.13, or 8.1.2 as soon as possible to eliminate this vulnerability. Until patches are applied, organizations should implement strict access controls to limit who can perform batched delete operations, ideally restricting this capability to trusted administrators only. Network segmentation and firewall rules should be enforced to restrict access to MongoDB instances, minimizing exposure to potentially malicious actors. Monitoring and alerting should be enhanced to detect abnormal batched delete requests or server crashes indicative of exploitation attempts. Additionally, organizations should review and harden their MongoDB configurations, disabling unnecessary features and enabling audit logging to track delete operations. Regular backups and tested recovery procedures are essential to minimize downtime in case of crashes. Finally, educating internal teams about the risk and signs of exploitation can improve incident response readiness.
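The first mitigation step above is a version check against the three fixed releases the advisory names. The following is an added example, not code from MongoDB or from this advisory: it parses a version string such as `db.version()` output or the first line of `mongod --version` (the "db version vX.Y.Z" format is assumed) and reports whether the branch is in an affected range and which release to upgrade to. Branches the advisory does not list are treated as not affected by this CVE, since that is all the advisory supports.

```python
"""Check a MongoDB Server version against the CVE-2025-13644 fixed releases."""
import re

# Fixed release per affected branch, taken from the advisory text.
FIXED = {(7, 0): (7, 0, 26), (8, 0): (8, 0, 13), (8, 1): (8, 1, 2)}

# Matches "8.0.12", "v8.0.12" or "db version v8.0.12"; a pre-release suffix
# such as "-rc0" is ignored, so treat release candidates with care.
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) parsed from a version string or a
    `mongod --version` first line (assumed format 'db version vX.Y.Z')."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True if the branch is one the advisory lists and the patch level is
    below that branch's fixed release. Unlisted branches return False."""
    major, minor, patch = parse_version(version)
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return False
    return (major, minor, patch) < fixed


def assess(version):
    """Human-readable verdict with the upgrade target when affected."""
    major, minor, _ = parse_version(version)
    if is_affected(version):
        target = ".".join(str(n) for n in FIXED[(major, minor)])
        return f"AFFECTED: upgrade to {target} or later"
    return "not affected by CVE-2025-13644"


if __name__ == "__main__":
    # Constructed sample inputs, not output captured from a real server.
    for sample in ("db version v7.0.25", "8.0.13", "v8.1.1", "6.0.20"):
        print(f"{sample:>20} -> {assess(sample)}")
```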
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: mongodb
- Date Reserved: 2025-11-25T05:17:22.910Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6925421a441560fe7ee98db4
Added to database: 11/25/2025, 5:43:54 AM
Last enriched: 12/2/2025, 6:23:43 AM
Last updated: 1/10/2026, 10:13:16 PM