{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11695", "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "state": "PUBLISHED", "assignerShortName": "mongodb", "dateReserved": "2025-10-13T16:15:52.158Z", "datePublished": "2025-10-13T16:22:57.417Z", "dateUpdated": "2026-02-26T17:47:45.550Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Rust Driver", "vendor": "MongoDB", "versions": [{"lessThan": "v3.2.5", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<b><p></p></b><b></b><p><span style=\"background-color: transparent;\">When tlsInsecure=False appears in a connection string, certificate validation is disabled.</span></p><p><span style=\"background-color: transparent;\">This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5</span></p><p></p><br><br><br><br>"}], "value": "When tlsInsecure=False appears in a connection string, certificate validation is disabled.\n\nThis vulnerability affects MongoDB Rust Driver versions prior to v3.2.5"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295: Improper Certificate Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "shortName": "mongodb", "dateUpdated": "2025-10-13T16:22:57.417Z"}, "references": [{"url": "https://jira.mongodb.org/browse/RUST-2264"}], "source": {"discovery": "INTERNAL"}, "title": "Configuration may unexpectedly disable certificate validation", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11695", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-21T03:55:20.406674Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T17:47:45.550Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11695", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-21T03:55:20.406674Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T14:29:13.207Z"}}], "cna": {"title": "Configuration may unexpectedly disable certificate validation", "source": {"discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "MongoDB", "product": "Rust Driver", "versions": [{"status": "affected", "version": "0", "lessThan": "v3.2.5", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://jira.mongodb.org/browse/RUST-2264"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "When tlsInsecure=False appears in a connection string, certificate validation is disabled.\n\nThis vulnerability affects MongoDB Rust Driver versions prior to v3.2.5", "supportingMedia": [{"type": "text/html", "value": "<b><p></p></b><b></b><p><span style=\"background-color: transparent;\">When tlsInsecure=False appears in a connection string, certificate validation is disabled.</span></p><p><span style=\"background-color: transparent;\">This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5</span></p><p></p><br><br><br><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295: Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "shortName": "mongodb", "dateUpdated": "2025-10-13T16:22:57.417Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11695", "state": "PUBLISHED", "dateUpdated": "2026-02-26T17:47:45.550Z", "dateReserved": "2025-10-13T16:15:52.158Z", "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "datePublished": "2025-10-13T16:22:57.417Z", "assignerShortName": "mongodb"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mongodb:rust_driver:*:*:*:*:*:mongodb:*:*", "matchCriteriaId": "212C628C-FC4A-4C6D-9C40-33C62F39EE3D", "versionEndExcluding": "3.2.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When tlsInsecure=False appears in a connection string, certificate validation is disabled.\n\nThis vulnerability affects MongoDB Rust Driver versions prior to v3.2.5"}], "id": "CVE-2025-11695", "lastModified": "2025-12-04T21:36:42.340", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.8, "source": "cna@mongodb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-10-13T17:15:34.190", "references": [{"source": "cna@mongodb.com", "tags": ["Vendor Advisory"], "url": "https://jira.mongodb.org/browse/RUST-2264"}], "sourceIdentifier": "cna@mongodb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "cna@mongodb.com", "type": "Secondary"}]}

{"bugzilla": {"description": "mongodb: MongoDB rust driver may unexpectedly disable certificate validation", "id": "2403578", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403578"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-295", "details": ["When tlsInsecure=False appears in a connection string, certificate validation is disabled.\nThis vulnerability affects MongoDB Rust Driver versions prior to v3.2.5"], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-11695", "package_state": [{"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Affected", "package_name": "openshift-logging/fluentd-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Affected", "package_name": "openshift-logging/logging-view-plugin-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:6", "fix_state": "Affected", "package_name": "openshift-logging/cluster-logging-operator-bundle", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:6", "fix_state": "Affected", "package_name": "openshift-logging/cluster-logging-rhel9-operator", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:6", "fix_state": "Affected", "package_name": "openshift-logging/eventrouter-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:6", "fix_state": "Affected", "package_name": "openshift-logging/log-file-metric-exporter-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:6", "fix_state": "Affected", "package_name": "openshift-logging/vector-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}], "public_date": "2025-10-13T16:22:57Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-11695\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-11695\nhttps://github.com/mongodb/mongo-rust-driver/commit/21ed6aeeea386628621b36a6af2a1a248cc87dcf\nhttps://jira.mongodb.org/browse/RUST-2264"], "threat_severity": "Important"}

{"created": "2025-10-20T16:13:28.021417+00:00", "updated": "2025-10-20T16:13:28.021449+00:00", "vendors": ["mongodb", "mongodb$PRODUCT$rust-driver"]}