CVE-2025-6709Improper Input Validation in INC Mongodb Server

CWE-20Improper Input Validation4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 63.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mongodb INC Mongodb ServerMongodb
Timeline
PublishedJun 26

Description

The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and server crash. This issue affects MongoDB Server v7.0 versions prior to 7.0.17 and MongoDB Server v8.0 versions prior to 8.0.5. The same issue affects MongoDB Server v6.0 versions prior to 6.0.21, but an attacker can onl

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5mongodb_inc/mongodb_server7.07.0.17+2
NVDmongodb/mongodb6.0.06.0.21+2

🔴Vulnerability Details

3
GHSA
GHSA-5cq2-33xv-h4mm: The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC2025-06-26
CVEList
Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication2025-06-26
OSV
CVE-2025-6709: The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC2025-06-26
CVE-2025-6709 — Improper Input Validation | cvebase