Unredacted Query Exposure in MongoDB Server by MongoDB Inc.
CVE-2025-6711

4.4MEDIUM

Key Information:

Vendor: MongoDB
Status: Mongodb Server
Vendor: CVE Published:; 7 July 2025

What is CVE-2025-6711?

A vulnerability has been discovered in MongoDB Server that could lead to the exposure of sensitive unredacted queries in server logs under specific error conditions. This issue affects earlier versions of MongoDB Server v8.0, v7.0, and v6.0, posing a risk to data confidentiality and potentially impacting user data security. Developers and administrators should be aware of this potential exposure and take appropriate steps to mitigate the risks by upgrading to the latest versions.

Affected Version(s)

MongoDB Server 6.0 < 6.0.21

MongoDB Server 7.0 < 7.0.18

MongoDB Server 8.0 < 8.0.5

References

https://jira.mongodb.org/browse/SERVER-98720

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 7, 2025
Vulnerability Reserved
Jun 26, 2025