CVE-2025-6714Uncontrolled Resource Consumption in INC Mongodb Server

CWE-400Uncontrolled Resource ConsumptionCWE-834Excessive Iteration4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 79.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mongodb INC Mongodb ServerMongodb
Timeline
PublishedJul 7

Description

MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Server v8.0 prior to 8.0.9 Required Configuration: This affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5mongodb_inc/mongodb_server6.06.0.23+2
NVDmongodb/mongodb6.0.06.0.23+2

🔴Vulnerability Details

3
OSV
CVE-2025-6714: MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data2025-07-07
GHSA
GHSA-4cp7-9f6j-9x6f: MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data2025-07-07
CVEList
Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections2025-07-07
CVE-2025-6714 — Uncontrolled Resource Consumption | cvebase