Mongoose Flaw Leaves Millions Of Downloads Exposed To Search Injection
Summary: A critical vulnerability in Mongoose, the widely used MongoDB object modeling library for Node.js, exposes millions of downloads to potential search injection attacks. Tracked as CVE-2025-23061 with a CVSS score of 9.0, it affects versions prior to 8.9.5 and stems from improper handling of the `$where` operator when it is nested inside a query filter, which lets an attacker who controls filter input alter which documents a query returns. Users are urged to upgrade to version 8.9.5 or later to safeguard against unauthorized data access.

Threat Actor: Unknown | unknown
Victim: Mongoose Users | Mongoose

Key points:

  • Vulnerability CVE-2025-23061 affects Mongoose versions before 8.9.5.
  • Improper handling of `$where` operators nested inside query filters lets an attacker who controls filter input smuggle server-side JavaScript into a query and manipulate search results.
  • Users are strongly recommended to upgrade to version 8.9.5 or later to mitigate the risk.

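The key point about nested `$where` filters comes down to where a filter is inspected: a check that only looks at the top-level keys of a filter object is bypassed by placing the operator one level down, for instance inside `$or` or `$and`. The following is an added example, not Mongoose's own code and not the project's fix (the fix is to upgrade to 8.9.5 or later). It contrasts a top-level-only check with a recursive one that walks every object and array in the filter. The filter shapes, the `FORBIDDEN` set and the function names are constructed for illustration; the assumption is that untrusted input (say, a request body) can reach the filter object passed to a query.

```javascript
// Added example (not Mongoose's own code): reject the `$where` operator
// anywhere inside a query filter, beside the top-level-only check that a
// nested filter slips past. `$where` evaluates JavaScript on the MongoDB
// server, so an attacker who can place it in a filter controls the match.
//
// Assumption: untrusted input can reach the filter object. The sample
// filters below are constructed for illustration.

const FORBIDDEN = new Set(['$where']);

// Naive check: inspects only the top-level keys of the filter.
// A `$where` nested under `$or`, `$and` or an array element is missed.
function topLevelOnlyCheck(filter) {
  return Object.keys(filter).some((k) => FORBIDDEN.has(k));
}

// Recursive check: walks plain objects and arrays, so the operator is found
// at any depth. `seen` guards against cyclic input that would otherwise
// recurse forever.
function containsForbiddenOperator(value, seen = new Set()) {
  if (value === null || typeof value !== 'object') return false;
  if (seen.has(value)) return false;
  seen.add(value);
  if (Array.isArray(value)) {
    return value.some((v) => containsForbiddenOperator(v, seen));
  }
  for (const [k, v] of Object.entries(value)) {
    if (FORBIDDEN.has(k)) return true;
    if (containsForbiddenOperator(v, seen)) return true;
  }
  return false;
}

// Guard a route handler could call before handing a filter to Model.find():
// throws instead of forwarding a filter that carries server-side JavaScript,
// and returns the filter unchanged when it is clean.
function assertSafeFilter(filter) {
  if (containsForbiddenOperator(filter)) {
    throw new Error('rejected query filter: $where operator is not allowed');
  }
  return filter;
}

// Constructed sample filters. The `$where` bodies are placeholders for
// whatever JavaScript an attacker would supply.
const benign = { status: 'active', $or: [{ role: 'user' }, { role: 'admin' }] };
const topLevel = { $where: 'true' };
const nested = { $or: [{ role: 'user' }, { $where: 'true' }] };
const deeplyNested = { $and: [{ status: 'active' }, { $or: [{ $where: 'true' }] }] };

// Stand-alone demonstration: the naive check catches only the top-level case.
console.log('top-level only:', {
  topLevel: topLevelOnlyCheck(topLevel),        // true
  nested: topLevelOnlyCheck(nested),            // false: missed
  deeplyNested: topLevelOnlyCheck(deeplyNested) // false: missed
});
console.log('recursive:', {
  benign: containsForbiddenOperator(benign),    // false
  nested: containsForbiddenOperator(nested),    // true
  deeplyNested: containsForbiddenOperator(deeplyNested) // true
});
```

A deny-list on operator names is the narrowest possible guard; in a real service the stronger option is to build filters from validated fields rather than passing client-supplied objects through at all, with a recursive operator check kept as defense in depth on top of the library upgrade.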
Source: https://securityonline.info/cve-2025-2306-cvss-9-0-mongoose-flaw-leaves-millions-of-downloads-exposed-to-search-injection/