A critical pre-authentication denial of service vulnerability was identified as CVE-2025-6709, affecting multiple versions of MongoDB Server across its 6.0, 7.0, and 8.0 release branches. Malicious JSON payloads with crafted date values sent via the MongoDB shell exploit OIDC authentication flaws. The attack mechanism bypasses traditional authentication requirements, making it particularly dangerous as it enables unauthenticated remote attackers to disrupt database operations. With a CVSS score of 7.5, this high-severity flaw poses significant risks to organizations running vulnerable MongoDB deployments in production environments.

The network-based attack vector (AV:N) combined with low attack complexity (AC:L) makes this vulnerability particularly concerning for internet-facing MongoDB deployments or those accessible through compromised network segments. MongoDB Server v6.0 versions prior to 6.0.21 also contain the vulnerability, though exploitation requires successful authentication, reducing the immediate threat surface but still presenting risks from authenticated users.

According to the advisory, security teams should prioritize immediate patching to the latest stable releases: MongoDB Server 6.0.21, 7.0.17, or 8.0.5, depending on their current deployment version. Organizations unable to implement immediate patches should consider implementing network-level access controls, disabling OIDC authentication temporarily if not critical to operations, or deploying web application firewalls capable of filtering malicious JSON payloads.
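A triage helper for the advice above, written for this page and not taken from MongoDB or the advisory: it classifies a host by the fix versions named in the article (6.0.21, 7.0.17, 8.0.5) and flags whether OIDC is enabled so the "patch or temporarily disable OIDC" decision can be scripted across a fleet. It assumes the mechanism list lives under `setParameter.authenticationMechanisms` in mongod.conf and that the OIDC mechanism is spelled `MONGODB-OIDC`; the config text is constructed sample input.

```python
"""Fleet triage for CVE-2025-6709 using the fix versions quoted in the article."""
import re

# First fixed release per branch, as stated in the advisory summary above.
FIXED = {(6, 0): (6, 0, 21), (7, 0): (7, 0, 17), (8, 0): (8, 0, 5)}

# Constructed sample mongod.conf with OIDC enabled (assumed key layout).
SAMPLE_CONF = """\
net:
  port: 27017
setParameter:
  authenticationMechanisms: "SCRAM-SHA-256,MONGODB-OIDC"
"""


def parse_version(text):
    """Extract (major, minor, patch) from a 'db version v7.0.16' style string."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True if the build predates the fix on its branch; None for branches the
    article does not cover (unknown is not the same as safe)."""
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return None
    return version < fixed


def oidc_enabled(mongod_conf):
    """Report whether MONGODB-OIDC appears in the configured mechanism list."""
    m = re.search(r"authenticationMechanisms\s*:\s*[\"']?([A-Z0-9,\-]+)", mongod_conf)
    if not m:
        return False
    return "MONGODB-OIDC" in m.group(1).split(",")


def triage(version_text, mongod_conf):
    """Return 'ok', 'patch', 'patch-urgently' or 'unknown-branch' for one host."""
    v = parse_version(version_text)
    affected = is_affected(v)
    if affected is None:
        return "unknown-branch"
    if not affected:
        return "ok"
    # Per the article, 7.0/8.0 are reachable pre-authentication when OIDC is on,
    # so those hosts come first; 6.0 needs an authenticated user and can follow.
    if v[0] >= 7 and oidc_enabled(mongod_conf):
        return "patch-urgently"
    return "patch"
```

On an unpatched 7.0/8.0 host the stop-gap from the article is to remove `MONGODB-OIDC` from the mechanism list until the fixed release is installed.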
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 27 Jun 2025 10:40:10 +0000