CVE-2025-23061

Vulnerability Description

Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900.

Vulnerability Details

Published Date

January 15, 2025

Last Modified

October 31, 2025

Source

NVD

CVE-2025-23061

Vulnerability Description

Vulnerability Details

Discussion (0)

Add Comment