CVE-2025-6714 (GCVE-0-2025-6714)

Vulnerability from cvelistv5 – Published: 2025-07-07 14:48 – Updated: 2025-07-07 19:11
VLAI?
Summary
MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Server v8.0 prior to 8.0.9 Required Configuration: This affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-834 - Excessive Iteration
  • CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
Vendor Product Version
MongoDB Inc MongoDB Server Affected: 6.0 , < 6.0.23 (custom)
Affected: 7.0 , < 7.0.20 (custom)
Affected: 8.0 , < 8.0.9 (custom)
    cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.20:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.22:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:8.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:8.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:8.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:8.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:8.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:8.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:8.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:8.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:8.0.8:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6714",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-07T19:11:36.252213Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-07T19:11:47.975Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.17:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.18:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.19:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.20:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.21:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.22:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.17:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.18:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.19:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:8.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:8.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:8.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:8.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:8.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:8.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:8.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:8.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:8.0.8:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MongoDB Server",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "lessThan": "6.0.23",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.0.20",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.0.9",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cp\u003eThis affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports.\u003c/p\u003e\u003c/div\u003e"
            }
          ],
          "value": "This affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports."
        }
      ],
      "datePublic": "2025-07-07T14:45:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMongoDB Server\u0027s mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Server v8.0 prior to 8.0.9\u003c/p\u003e\u003cp\u003e\u003cb\u003eRequired Configuration:\u003c/b\u003e\u003c/p\u003e\u003cp\u003eThis affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports.\u003c/p\u003e"
            }
          ],
          "value": "MongoDB Server\u0027s mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Server v8.0 prior to 8.0.9\n\nRequired Configuration:\n\nThis affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-834",
              "description": "CWE-834 Excessive Iteration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-07T14:48:48.312Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "url": "https://jira.mongodb.org/browse/SERVER-106753"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2025-6714",
    "datePublished": "2025-07-07T14:48:48.312Z",
    "dateReserved": "2025-06-26T11:58:50.544Z",
    "dateUpdated": "2025-07-07T19:11:47.975Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-6714\",\"sourceIdentifier\":\"cna@mongodb.com\",\"published\":\"2025-07-07T15:15:29.263\",\"lastModified\":\"2025-10-03T20:50:07.963\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"MongoDB Server\u0027s mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Server v8.0 prior to 8.0.9\\n\\nRequired Configuration:\\n\\nThis affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports.\"},{\"lang\":\"es\",\"value\":\"El componente Mongos de MongoDB Server puede dejar de responder a nuevas conexiones debido a la gesti\u00f3n incorrecta de datos incompletos. Esto afecta a MongoDB cuando se configura con compatibilidad con balanceadores de carga. Este problema afecta a MongoDB Server v6.0 anterior a 6.0.23, MongoDB Server v7.0 anterior a 7.0.20 y MongoDB Server v8.0 anterior a 8.0.9. Configuraci\u00f3n requerida: Afecta a los cl\u00fasteres fragmentados de MongoDB cuando se configura con compatibilidad con balanceadores de carga para Mongos mediante HAProxy en los puertos especificados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@mongodb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cna@mongodb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"},{\"lang\":\"en\",\"value\":\"CWE-834\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.0.23\",\"matchCriteriaId\":\"A0C122F2-ECD8-4D32-83F9-F250270C87F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.20\",\"matchCriteriaId\":\"9F48294B-E0B3-4DED-B5DF-7D93B604C2B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.0.9\",\"matchCriteriaId\":\"F15A536B-BA38-43B2-9E14-4A3F369320F6\"}]}]}],\"references\":[{\"url\":\"https://jira.mongodb.org/browse/SERVER-106753\",\"source\":\"cna@mongodb.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-6714\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-07T19:11:36.252213Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-07T19:11:42.752Z\"}}], \"cna\": {\"title\": \"Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.11:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.12:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.13:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.14:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.15:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.16:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.17:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.18:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.19:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.20:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.21:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.22:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.10:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.11:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.12:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.13:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.14:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.15:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.16:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.17:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.18:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.19:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:8.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:8.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:8.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:8.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:8.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:8.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:8.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:8.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:8.0.8:*:*:*:*:*:*:*\"], \"vendor\": \"MongoDB Inc\", \"product\": \"MongoDB Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0\", \"lessThan\": \"6.0.23\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.0\", \"lessThan\": \"7.0.20\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.0\", \"lessThan\": \"8.0.9\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-07-07T14:45:00.000Z\", \"references\": [{\"url\": \"https://jira.mongodb.org/browse/SERVER-106753\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"MongoDB Server\u0027s mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Server v8.0 prior to 8.0.9\\n\\nRequired Configuration:\\n\\nThis affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eMongoDB Server\u0027s mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Server v8.0 prior to 8.0.9\u003c/p\u003e\u003cp\u003e\u003cb\u003eRequired Configuration:\u003c/b\u003e\u003c/p\u003e\u003cp\u003eThis affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-834\", \"description\": \"CWE-834 Excessive Iteration\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"This affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003e\u003cp\u003eThis affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports.\u003c/p\u003e\u003c/div\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"a39b4221-9bd0-4244-95fc-f3e2e07f1deb\", \"shortName\": \"mongodb\", \"dateUpdated\": \"2025-07-07T14:48:48.312Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-6714\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-07T19:11:47.975Z\", \"dateReserved\": \"2025-06-26T11:58:50.544Z\", \"assignerOrgId\": \"a39b4221-9bd0-4244-95fc-f3e2e07f1deb\", \"datePublished\": \"2025-07-07T14:48:48.312Z\", \"assignerShortName\": \"mongodb\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.