PT-2025-28179 · Mongodb+2 · Mongodb Server+3

Published: 2025-07-07 · Updated: 2025-10-05 · CVE-2025-6713

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 8.0.7; MongoDB Server versions prior to 7.0.20; MongoDB Server versions prior to 6.0.22
Description: An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorization.
Recommendations: For MongoDB Server versions prior to 8.0.7, update to version 8.0.7 or later. For MongoDB Server versions prior to 7.0.20, update to version 7.0.20 or later. For MongoDB Server versions prior to 6.0.22, update to version 6.0.22 or later.

Fix

Weakness Enumeration

Improper Authorization

Related Identifiers

ALT-PU-2025-9742
ALT-PU-2025-9750
ALT-PU-2025-9809
ALT-PU-2025-9926
BDU:2025-11726
BIT-MONGODB-2025-6713
CVE-2025-6713

Affected Products

Alt Linux
Mongodb Server
Mongodb
Red Os