CVE-2025-6706

EUVD-2025-19177

26.06.2025, 14:15

An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server.
The crash is triggered on affected versions by issuing an aggregation framework operation using a specific combination of rarely-used aggregation pipeline expressions. This issue affects MongoDB Server v6.0 version prior to 6.0.21, MongoDB Server v7.0 version prior to 7.0.17 and MongoDB Server v8.0 version prior to 8.0.4 when the SBE engine is enabled.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5 MEDIUM	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
mongodb	CNA	5 MEDIUM	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Affected Products (NVD)

Vendor	Product	Version
mongodb	mongodb	6.0.0 ≤ 𝑥 < 6.0.21
mongodb	mongodb	7.0.0 ≤ 𝑥 < 7.0.17
mongodb	mongodb	8.0.0 ≤ 𝑥 < 8.0.4

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

mongodb

bionic	deferred
focal	deferred
jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne
trusty	deferred
xenial	deferred

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

References

https://jira.mongodb.org/browse/SERVER-106746