CVE-2025-6707

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 5.0.31 MongoDB Server versions prior to 6.0.24 MongoDB Server versions prior to 7.0.21 MongoDB Server versions prior to 8.0.5

Description: The issue allows an authenticated user request to execute with stale privileges following an intentional change by an authorized administrator.

Recommendations: For MongoDB Server versions prior to 5.0.31, update to version 5.0.31 or later. For MongoDB Server versions prior to 6.0.24, update to version 6.0.24 or later. For MongoDB Server versions prior to 7.0.21, update to version 7.0.21 or later. For MongoDB Server versions prior to 8.0.5, update to version 8.0.5 or later.

Fix

LPE

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

ALT-PU-2025-8810

ALT-PU-2025-9742

ALT-PU-2025-9750

ALT-PU-2025-9809

BDU:2025-11759

BIT-MONGODB-2025-6707

CVE-2025-6707

Affected Products

Alt Linux

Mongodb Server

Mongodb

Red Os

CVE-2025-6707

Weakness Enumeration

Related Identifiers

Affected Products

References · 15