CVE-2025-6707

EUVD-2025-19227
Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.24, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.2 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
mongodbCNA
4.2 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
mongodbmongodb
5.0.0 ≤
𝑥
< 5.0.31
mongodbmongodb
6.0.0 ≤
𝑥
< 6.0.24
mongodbmongodb
7.0.0 ≤
𝑥
< 7.0.21
mongodbmongodb
8.0.0 ≤
𝑥
< 8.0.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://jira.mongodb.org/browse/SERVER-93497