CVE-2025-6707
Race condition in privilege cache invalidation cycle
| CVSS Score | 4.2 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 versions prior to 5.0.31, MongoDB Server v6.0 versions prior to 6.0.24, MongoDB Server v7.0 versions prior to 7.0.21 and MongoDB Server v8.0 versions prior to 8.0.5.
| CWE | CWE-863 |
| Vendor | mongodb inc |
| Product | mongodb server |
| Published | Jun 26, 2025 |
| Last Updated | Feb 26, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity | Low |
| Availability | None |
Affected Versions
MongoDB Inc / MongoDB Server
| 5.0 | < 5.0.31 |
| 6.0 | < 6.0.24 |
| 7.0 | < 7.0.21 |
| 8.0 | < 8.0.5 |