CVE-2025-6714

EPSS 0.03%
Veröffentlicht 07.07.2025 14:48:48
Zuletzt bearbeitet 03.10.2025 20:50:07
Quelle cna@mongodb.com
CVE-Watchlists
Login
Unerledigt
Login

MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Server v8.0 prior to 8.0.9

Required Configuration:

This affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mongodb ≫ Mongodb SwEdition- Version >= 6.0.0 < 6.0.23

Mongodb ≫ Mongodb SwEdition- Version >= 7.0.0 < 7.0.20

Mongodb ≫ Mongodb SwEdition- Version >= 8.0.0 < 8.0.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.063

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@mongodb.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-834 Excessive Iteration

The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

https://jira.mongodb.org/browse/SERVER-106753

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-6714

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-6714

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-6714

EUVD