CVE-2025-6707

EPSS 0.05%
Published 26.06.2025 14:15:35
Last modified 26.09.2025 19:03:00
Source cna@mongodb.com
Teams watchlist Login
Open Login

Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.24, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Mongodb ≫ Mongodb Version >= 5.0.0 < 5.0.31

Mongodb ≫ Mongodb Version >= 6.0.0 < 6.0.24

Mongodb ≫ Mongodb Version >= 7.0.0 < 7.0.21

Mongodb ≫ Mongodb Version >= 8.0.0 < 8.0.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.142

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
cna@mongodb.com	4.2	1.6	2.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://jira.mongodb.org/browse/SERVER-93497

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-6707

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-6707

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-6707

EUVD