SecuriTricks - CVE-2025-6710

Description

MongoDB Server may be susceptible to stack overflow due to JSON parsing mechanism, where specifically crafted JSON inputs may induce unwarranted levels of recursion, resulting in excessive stack space consumption. Such inputs can lead to a stack overflow that causes the server to crash which could occur pre-authorisation. This issue affects MongoDB Server v7.0 versions prior to 7.0.17 and MongoDB Server v8.0 versions prior to 8.0.5. The same issue affects MongoDB Server v6.0 versions prior to 6.0.21, but an attacker can only induce denial of service after authenticating.

Product(s) Impacted

Vendor	Product	Versions
Mongodb	Mongodb Server	7.0, <7.0.17, <8.0.5, <6.0.21

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-674

Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	mongodb	mongodb_server	7.0	/	/	/	/	/	/	/
a	mongodb	mongodb_server	<7.0.17	/	/	/	/	/	/	/
a	mongodb	mongodb_server	<8.0.5	/	/	/	/	/	/	/
a	mongodb	mongodb_server	<6.0.21	/	/	/	/	/	/	/

References

https://jira.mongodb.org/browse/SERVER-106749

CVSS Score

7.5 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

View Vector String

Timeline

Published: June 26, 2025, 2:15 p.m.
Last Modified: June 26, 2025, 6:57 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cna@mongodb.com

CVE-2025-6710