PT-2025-26973 · Mongodb · Mongodb Server
Published: 2025-06-26 · Updated: 2025-09-16
CVE-2025-6709
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions:
MongoDB Server versions prior to 6.0.21
MongoDB Server versions 7.0.0 through 7.0.16
MongoDB Server versions 8.0.0 through 8.0.4
Description:
The MongoDB Server is susceptible to a denial of service issue due to improper handling of specific date values in JSON input when using OIDC authentication. The issue can be reproduced by sending a malicious JSON payload, which triggers an invariant failure and crashes the server. In the case of MongoDB Server v6.0, an attacker must first authenticate before being able to induce the denial of service.
Recommendations:
For MongoDB Server versions prior to 6.0.21, update to version 6.0.21 or later.
For MongoDB Server versions 7.0.0 through 7.0.16, update to version 7.0.17 or later.
For MongoDB Server versions 8.0.0 through 8.0.4, update to version 8.0.5 or later.
Tags: Fix · DoS · RCE
Affected Products:
Alt Linux
Mongodb Server
Mongodb
Red Os