Stack Overflow Vulnerability in MongoDB Server Impacting Specific Versions
CVE-2025-6710

7.5HIGH

Key Information:

Vendor: MongoDB
Status: Mongodb Server
Vendor: CVE Published:; 26 June 2025

What is CVE-2025-6710?

MongoDB Server is potentially vulnerable to a stack overflow due to issues in its JSON parsing mechanism. Specifically crafted JSON inputs can trigger excessive recursion, leading to significant stack space consumption. This can result in a crash of the server, which may happen even before user authentication is performed. For authenticated users, there remains a risk of denial of service in MongoDB Server v6.0. Organizations using versions prior to 6.0.21, 7.0.17, and 8.0.5 should prioritize patching to mitigate this vulnerability.

Affected Version(s)

MongoDB Server 6.0 < 6.0.21

MongoDB Server 7.0 < 7.0.17

MongoDB Server 8.0 < 8.0.5

References

https://jira.mongodb.org/browse/SERVER-106749

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2025
Vulnerability Reserved
Jun 26, 2025