CVE-2025-6714
published 2025-07-07


Priority P3 | 41 | high | 7.5 | CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.31% (22.3th percentile)
MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Server v8.0 prior to 8.0.9.

Required Configuration: This affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mongodb | mongodb | >= 6.0.0 < 6.0.23 | 6.0.23 |
| mongodb | mongodb | >= 7.0.0 < 7.0.20 | 7.0.20 |
| mongodb | mongodb | >= 8.0.0 < 8.0.9 | 8.0.9 |
| mongodb_inc | mongodb_server | >= 6.0 < 6.0.23 | 6.0.23 |
| mongodb_inc | mongodb_server | >= 7.0 < 7.0.20 | 7.0.20 |
| mongodb_inc | mongodb_server | >= 8.0 < 8.0.9 | 8.0.9 |

CVSS provenance

nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv | 7.5 | HIGH