CVE-2025-6709

Published Jun 26, 2025

Last updated 22 days ago

CVSS high 7.5

Overview

Description
The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and server crash. This issue affects MongoDB Server v7.0 versions prior to 7.0.17 and MongoDB Server v8.0 versions prior to 8.0.5. The same issue affects MongoDB Server v6.0 versions prior to 6.0.21, but an attacker can only induce denial of service after authenticating.
Source
cna@mongodb.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

cna@mongodb.com
CWE-20

Social media

Hype score
Not currently trending

  1. CVE-2025-6709 (CVSS:7.5, HIGH) is Awaiting Analysis. The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values ..https://t.co/eLCBQidu3J #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    1 Jul 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ⚠️Vulnerabilidad del servidor MongoDB ❗CVE-2025-6709 ➡️Más info: https://t.co/Vb1FALzFdD https://t.co/VCSOMu6fCP

    @CERTpy

    30 Jun 2025

    150 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-6709: Improper Input Validation in MongoDB Server, 7.5 rating❗️ Due to insufficient handling of values ​​in JSON input data, MongoDB servers are vulnerable to DoS. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/7IeK3YAiDW #cybersecurity #vulnerabil

    @Netlas_io

    27 Jun 2025

    289 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-6709 The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. Th… https://t.co/u2WJXH0KWV

    @CVEnew

    26 Jun 2025

    332 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.