CVE-2025-6714

EUVD-2025-20263

07.07.2025, 15:15

MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Server v8.0 prior to 8.0.9

Required Configuration:

This affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mongodb	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 11%

Affected Products (NVD)

Vendor	Product	Version
mongodb	mongodb	6.0.0 ≤ 𝑥 < 6.0.23
mongodb	mongodb	7.0.0 ≤ 𝑥 < 7.0.20
mongodb	mongodb	8.0.0 ≤ 𝑥 < 8.0.9

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

mongodb

bionic	deferred
focal	deferred
jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne
trusty	deferred
xenial	deferred

Common Weakness Enumeration

CWE-400 - Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References

https://jira.mongodb.org/browse/SERVER-106753