CVE-2025-6714
BaseFortify
Publication date: 2025-07-07
Last updated on: 2025-10-03
Assigner: MongoDB, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mongodb | mongodb | From 8.1.0 (inc) to 8.1.2 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-834 | The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the mongos component of MongoDB Server when it is configured with load balancer support. Due to incorrect handling of incomplete data, mongos can become unresponsive to new connections. This affects specific versions of MongoDB Server prior to 6.0.23, 7.0.20, and 8.0.9 when used in sharded clusters with HAProxy load balancing on specified ports.
How can this vulnerability impact me?
The vulnerability can cause the mongos component to become unresponsive to new connections, leading to potential denial of service in MongoDB sharded clusters configured with load balancer support. This can disrupt database availability and impact applications relying on MongoDB for data access.