CVE-2025-6714

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions 6.0 prior to 6.0.23 MongoDB Server versions 7.0 prior to 7.0.20 MongoDB Server versions 8.0 prior to 8.0.9

Description: The issue affects MongoDB Server's mongos component, causing it to become unresponsive to new connections due to incorrect handling of incomplete data. This occurs when MongoDB is configured with load balancer support, specifically in sharded clusters using HAProxy on specified ports.

Recommendations: For MongoDB Server version 6.0, update to version 6.0.23 or later. For MongoDB Server version 7.0, update to version 7.0.20 or later. For MongoDB Server version 8.0, update to version 8.0.9 or later.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-834

Related Identifiers

ALT-PU-2025-9742

ALT-PU-2025-9750

ALT-PU-2025-9809

ALT-PU-2025-9926

BDU:2025-09086

BIT-MONGODB-2025-6714

CVE-2025-6714

Affected Products

Alt Linux

Mongodb Server

Mongodb

Red Os

CVE-2025-6714

Weakness Enumeration

Related Identifiers

Affected Products

References · 14