CVE-2025-6709

The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and server crash. This issue affects MongoDB Server v7.0 versions prior to 7.0.17 and MongoDB Server v8.0 versions prior to 8.0.5. The same issue affects MongoDB Server v6.0 versions prior to 6.0.21, but an attacker can only induce denial of service after authenticating.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jira.mongodb.org/browse/SERVER-106748	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mongodb:mongodb:::::-:::*
	cpe:2.3:a:mongodb:mongodb:::::-:::*
	cpe:2.3:a:mongodb:mongodb:::::-:::*

History

15 Sep 2025, 14:09

Type	Values Removed	Values Added
First Time		Mongodb Mongodb mongodb
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:mongodb:mongodb:::::-:::*
References	~~() https://jira.mongodb.org/browse/SERVER-106748 -~~	() https://jira.mongodb.org/browse/SERVER-106748 - Issue Tracking, Vendor Advisory

26 Jun 2025, 18:57

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-26 14:15

Updated : 2025-09-15 14:09

NVD link : CVE-2025-6709

Mitre link : CVE-2025-6709

CVE.ORG link : CVE-2025-6709

JSON object : View

Products Affected

mongodb

mongodb

CWE

CWE-20

Improper Input Validation

NVD-CWE-noinfo

{"id": "CVE-2025-6709", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@mongodb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-06-26T14:15:35.463", "references": [{"url": "https://jira.mongodb.org/browse/SERVER-106748", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "cna@mongodb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cna@mongodb.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and server crash. This issue affects MongoDB Server v7.0 versions prior to 7.0.17 and MongoDB Server v8.0 versions prior to 8.0.5.\n\nThe same issue affects MongoDB Server v6.0 versions prior to 6.0.21, but an attacker can only induce denial of service after authenticating."}, {"lang": "es", "value": "MongoDB Server es susceptible a una vulnerabilidad de denegaci\u00f3n de servicio debido al manejo incorrecto de valores de fecha espec\u00edficos en la entrada JSON al usar la autenticaci\u00f3n OIDC. Esto puede reproducirse mediante el shell de Mongo para enviar u payload JSON maliciosa, lo que provoca un fallo invariante y un bloqueo del servidor. Este problema afecta a las versiones 7.0 y 8.0 de MongoDB Server anteriores a la 7.0.17 y anteriores a la 8.0.5 de MongoDB Server. El mismo problema afecta a las versiones 6.0 y 6.0.21 de MongoDB Server, pero un atacante solo puede inducir la denegaci\u00f3n de servicio despu\u00e9s de la autenticaci\u00f3n."}], "lastModified": "2025-09-15T14:09:46.773", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "70C1D1C7-0822-4382-AEBD-FED9490491A0", "versionEndExcluding": "6.0.21", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "7E13B043-4482-48D1-9874-A6C210462A4A", "versionEndExcluding": "7.0.17", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "564B8805-F93C-4F12-B29B-4EF3DD83CC9E", "versionEndExcluding": "8.0.5", "versionStartIncluding": "8.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cna@mongodb.com"}