CVE-2025-12119: MongoDB driver extension affected by mongoc_bulk_operation_t's read of invalid memory
A mongoc_bulk_operation_t may read invalid memory if large options are passed.
References
- github.com/advisories/GHSA-mwcc-7vpp-xmv9
- github.com/mongodb/mongo-c-driver/releases/tag/1.30.6
- github.com/mongodb/mongo-c-driver/releases/tag/2.1.2
- github.com/mongodb/mongo-php-driver
- github.com/mongodb/mongo-php-driver/commit/fa5b43366407bc0e5b0a919ed374decd9022b2f9
- github.com/mongodb/mongo-php-driver/releases/tag/1.21.2
- jira.mongodb.org/browse/PHPC-2637
- nvd.nist.gov/vuln/detail/CVE-2025-12119