CVE-2024-53900 + CVE-2025-23061
You can read the full technical discovery & analysis here: https://www.opswat.com/blog/technical-discovery-mongoose-cve-2025-23061-cve-2024-53900
Side note: I also created some challenges related to this CVE and uploaded them to Dreamhack; you can try them here:
Related pages:
- https://www.facebook.com/VNISA.HCM/posts/pfbid033D1pUtgE2HLDYvNL9bnsQUGWnHtNSYRa8G9fkPptxxiC8X5PSgeQRUUMb7bPMuRfl
- https://www.techtimes.vn/lo-hong-trong-mongoose-cau-chuyen-tu-mot-thuc-tap-sinh-opswat-den-loi-canh-bao-toan-cau/
- https://vneconomy.vn/thuc-tap-sinh-opswat-viet-nam-phat-hien-hai-lo-hong-bao-mat-nghiem-trong-tren-mongoose.htm
- https://www.securityweek.com/vulnerabilities-in-mongodb-library-allow-rce-on-node-js-servers/
- https://www.theregister.com/2025/02/20/mongoose_flaws_mongodb/
- https://www.scworld.com/news/mongoose-odm-critical-rce-flaws-detailed-poc-exploits-revealed
- https://blog.criminalip.io/2025/03/14/mongoose/
- https://www.itpro.com/software/development/mongodb-third-party-app-flaws
- https://www.techtimes.vn/thuc-tap-sinh-tai-opswat-viet-nam-phat-hien-lo-hong-nghiem-trong-trong-mongoose/
This post is licensed under CC BY 4.0 by the author.