PT-2025-26974 · Mongodb+2 · Mongodb Server+3
Published: 2025-06-26 · Updated: 2025-09-16
CVE-2025-6710
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions:
MongoDB Server versions prior to 6.0.21
MongoDB Server versions prior to 7.0.17
MongoDB Server versions prior to 8.0.5
Description:
The issue is in the JSON parsing mechanism of MongoDB Server: specifically crafted JSON inputs can induce unwarranted levels of recursion, resulting in excessive stack space consumption. This can lead to a stack overflow that crashes the server, potentially before authorisation. In MongoDB Server v6.0, an attacker can only induce denial of service after authenticating.
Recommendations:
For MongoDB Server versions prior to 6.0.21, update to version 6.0.21 or later to resolve the issue.
For MongoDB Server versions prior to 7.0.17, update to version 7.0.17 or later to resolve the issue.
For MongoDB Server versions prior to 8.0.5, update to version 8.0.5 or later to resolve the issue.
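The weakness class in the description, uncontrolled recursion on nested JSON, is generally bounded by checking nesting depth before a recursive parser sees the input. The following is an added example, not MongoDB's fix and not code from this advisory; the function names and the 200-level limit are assumptions, and it does not replace the upgrades listed above.

```python
# Added example: iterative nesting-depth guard for untrusted JSON text.
# MAX_DEPTH is an assumed application limit, not a MongoDB setting.
import json

MAX_DEPTH = 200


class NestingTooDeep(ValueError):
    """Raised when input nests objects/arrays deeper than the limit."""


def max_nesting_depth(text, limit=MAX_DEPTH):
    """Scan JSON text once, without recursion, and return its deepest
    object/array nesting level. Raises NestingTooDeep past `limit`."""
    depth = deepest = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            # Brackets inside string literals must not count as nesting.
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            if depth > limit:
                raise NestingTooDeep(f"nesting exceeds {limit} levels")
            deepest = max(deepest, depth)
        elif ch in "]}":
            depth = max(depth - 1, 0)
    return deepest


def safe_loads(text, limit=MAX_DEPTH):
    """Hand the text to the recursive parser only after the depth check."""
    max_nesting_depth(text, limit)
    return json.loads(text)


# Constructed sample inputs (not taken from the advisory).
FLAT = '{"name": "a[{[{", "tags": ["x", "y"]}'
NESTED = '{"a": {"b": [[1, 2], {"c": "\\"}]"}]}}'
DEEP = "[" * 5000 + "]" * 5000
```

The scan uses constant stack space regardless of input, so the rejection itself cannot be driven into the failure it guards against.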
Fix
DoS
Uncontrolled Recursion
Affected Products
Alt Linux
Mongodb Server
Mongodb
Red Os