CVE-2025-6706 — Use After Free in INC MongoDB Server
Severity: 8.8 HIGH (NVD); CNA score: 5.0
EPSS: 0.1% (top 76.20%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 26
Description
An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server.
The crash is triggered on affected versions by issuing an aggregation framework operation using a specific combination of rarely-used aggregation pipeline expressions. This issue affects MongoDB Server v6.0 versions prior to 6.0.21, MongoDB Server v7.0 versions prior to 7.0.17 and MongoDB Server v8.0 versions pr…
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages: 2 packages
Vulnerability Details (3 sources)
CVEList (2025-06-26): Running certain aggregation operations with the SBE engine may lead to unexpected behavior on MongoDB Server
GHSA-9pjr-27w4-fm42 (2025-06-26): An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not ha…
OSV (2025-06-26): CVE-2025-6706: An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not ha…