CVE-2025-23061 | Mongoose up to 6.13.5/7.8.3/8.9.4 Incomplete Fix CVE-2024-53900 populate where code injection

CVE-2025-23061 | Mongoose up to 6.13.5/7.8.3/8.9.4 Incomplete Fix CVE-2024-53900 populate where code injection

A vulnerability was found in Mongoose up to 6.13.5/7.8.3/8.9.4. It has been rated as critical. This issue affects the function populate of the component Incomplete Fix CVE-2024-53900. The manipulation of the argument where leads to code injection. The identification of this vulnerability is CVE-2025-23061. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.