CVE-2025-6714
Published 2025-07-07
CVE-2025-6714: MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured…
Priority: P3 · 41 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.31% (22.3th percentile)
MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Server v8.0 prior to 8.0.9.
Required Configuration:
This affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mongodb | mongodb | >= 6.0.0 < 6.0.23 | 6.0.23 |
| mongodb | mongodb | >= 7.0.0 < 7.0.20 | 7.0.20 |
| mongodb | mongodb | >= 8.0.0 < 8.0.9 | 8.0.9 |
| mongodb_inc | mongodb_server | >= 6.0 < 6.0.23 | 6.0.23 |
| mongodb_inc | mongodb_server | >= 7.0 < 7.0.20 | 7.0.20 |
| mongodb_inc | mongodb_server | >= 8.0 < 8.0.9 | 8.0.9 |
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv · 7.5 HIGH
OSV
CVE-2025-6714: MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data
osv·2025-07-07·CVSS 7.5
CVE-2025-6714 [HIGH] CVE-2025-6714: MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data
MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Server v8.0 prior to 8.0.9.
Required Configuration:
This affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports.
GHSA
GHSA-4cp7-9f6j-9x6f: MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data
ghsa_unreviewed·2025-07-07
CVE-2025-6714 [HIGH] CWE-400 GHSA-4cp7-9f6j-9x6f: MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data
MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Server v8.0 prior to 8.0.9.
Required Configuration:
This affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-07-07