CVE-2025-6710
BaseFortify

Publication date: 2025-06-26

Last updated on: 2025-09-15

Assigner: MongoDB, Inc.

Description
MongoDB Server may be susceptible to stack overflow due to JSON parsing mechanism, where specifically crafted JSON inputs may induce unwarranted levels of recursion, resulting in excessive stack space consumption. Such inputs can lead to a stack overflow that causes the server to crash which could occur pre-authorisation. This issue affects MongoDB Server v7.0 versions prior to 7.0.17 and MongoDB Server v8.0 versions prior to 8.0.5. The same issue affects MongoDB Server v6.0 versions prior to 6.0.21, but an attacker can only induce denial of service after authenticating.
Meta Information
Generated: 2026-05-07
AI Q&A: 2025-06-26
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 3 associated CPEs (all three are listed with the same vendor, product and version range)
Vendor: mongodb
Product: mongodb
Version / Range: From 8.1.0 (inc) to 8.1.2 (inc)
Note that this CPE range (8.1.0 through 8.1.2) does not match the affected versions stated in the description (7.0 before 7.0.17, 8.0 before 8.0.5, and 6.0 before 6.0.21); when assessing exposure, use the version ranges from the description and the vendor advisory rather than the CPE range alone.
CWE
CWE-674 (Uncontrolled Recursion): The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in MongoDB Server involves a stack overflow caused by the JSON parsing mechanism. Specifically crafted JSON inputs can trigger excessive recursion, consuming too much stack space and leading to a stack overflow. This overflow can cause the server to crash, potentially without requiring authentication depending on the version.

How can this vulnerability impact me?

The vulnerability can cause the MongoDB Server to crash, resulting in a denial of service. For versions 7.0 prior to 7.0.17 and 8.0 prior to 8.0.5, this can happen without authentication, making it easier for attackers to disrupt service. For version 6.0 prior to 6.0.21, an attacker must be authenticated to cause denial of service.
What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, immediately upgrade MongoDB Server to version 7.0.17 or later if you are using the 7.0 series, or to version 8.0.5 or later if you are using the 8.0 series. For the 6.0 series, upgrade to version 6.0.21 or later. These updates contain fixes that prevent the stack overflow caused by crafted JSON inputs. Additionally, consider restricting network access to MongoDB servers to trusted clients only and monitor for unusual crashes or denial of service symptoms until the upgrade is applied.