CVE-2025-6714 HIGH

CVE-2025-6714: Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections

Vendor MongoDB Inc
Product MongoDB Server
Weakness CWE-834
Published July 7, 2025
Last update July 7, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Server v8.0 prior to 8.0.9.

Required configuration: This affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports.

Key dates

02 Disclosure timeline

July 7, 2025 CVE published
July 7, 2025 Record updated