CVE-2025-6714

CVE Database · CVE-2025-6714

CVE-2025-6714

· HIGHAnalyzed

CVSS v3.1

7.5

EPSS

0.31%

Published

Jul 7, 2025

Modified

Oct 3, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Server v8.0 prior to 8.0.9 Required Configuration: This affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-400CWE-834

Affected Products (3)

mongodb · mongodb (up to 6.0.23)vulnerable

mongodb · mongodb (up to 7.0.20)vulnerable

mongodb · mongodb (up to 8.0.9)vulnerable

References (1)

https://jira.mongodb.org/browse/SERVER-106753

Issue TrackingVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs