CVE-2025-6707

Published: Jun 26, 2025Modified: Sep 26, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.24, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5.

Affected (4)

Products: Mongodb: Mongodb

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Mongodb Mongodb	From 5.0.0 to 5.0.31
Mongodb Mongodb	From 6.0.0 to 6.0.24
Mongodb Mongodb	From 7.0.0 to 7.0.21
Mongodb Mongodb	From 8.0.0 to 8.0.5

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

https://jira.mongodb.org/browse/SERVER-93497

Source: cna@mongodb.com

Issue TrackingVendor Advisory

Timeline

No history available yet.