MongoDB 6.0.x < 6.0.25 / 7.0.x < 7.0.21 / 8.0.x < 8.0.5 / 8.1.0-rc0 (SERVER-51366)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(277469);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/03/12");

  script_cve_id("CVE-2025-10491");
  script_xref(name:"IAVB", value:"2025-B-0199-S");

  script_name(english:"MongoDB  6.0.x < 6.0.25 / 7.0.x < 7.0.21  / 8.0.x < 8.0.5 / 8.1.0-rc0 (SERVER-51366)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of MongoDB installed on the remote host is 6.0 prior to 6.0.25 , 7.0 prior to 7.0.21, 8.0 prior to 8.0.5, 
and 8.1.0-rc0. It is, therefore, affected by a vulnerability as referenced in the SERVER-51366 advisory.

  - The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a 
    local attacker to introduce executable code to MongoDB's process via DLL hijacking. This issue affects 
    MongoDB Server v6.0 version prior to 6.0.25, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB 
    Server v8.0 version prior to 8.0.5. (CVE-2025-10491)

  Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
  number.");
  script_set_attribute(attribute:"see_also", value:"https://jira.mongodb.org/browse/SERVER-51366");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MongoDB version 6.0.25, 7.0.21, 8.0.5, 8.1.0-rc0, or later.");
  script_set_attribute(attribute:"agent", value:"windows");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-10491");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/09/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/09/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/12/04");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mongodb:mongodb");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mongodb_win_installed.nbin", "mongodb_detect.nasl");
  script_require_keys("installed_sw/MongoDB");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'requires': [
    {'scope': 'target', 'match': {'os': 'windows'}}
  ],
  'checks': [
    {
      'product': {'name': 'MongoDB', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints' : [
          { 'min_version' : '6.0', 'fixed_version' : '6.0.25' },
          { 'min_version' : '7.0', 'fixed_version' : '7.0.21' },
          { 'min_version' : '8.0', 'fixed_version' : '8.0.5', 'fixed_display' : '8.0.5 / 8.1.0-rc0' }
      ]
    }
  ]
};

var vdf_result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_WARNING, check_backporting:TRUE);
vdf::handle_check_and_report_errors(vdf_result:vdf_result);