CVE-2025-6707

MEDIUM

MongoDB 5.0.0-5.0.30 - Authenticated Privilege Escalation via Stale Privilege Execution


Description

Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 versions prior to 5.0.31, MongoDB Server v6.0 versions prior to 6.0.24, MongoDB Server v7.0 versions prior to 7.0.21, and MongoDB Server v8.0 versions prior to 8.0.5.

References (1)

Issue Tracking, Vendor Advisory
https://jira.mongodb.org/browse/SERVER-93497

Scores

CVSS v3: 4.2
EPSS: 0.0014
EPSS Percentile: 3.9%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-863
Status: published
Products (1): mongodb/mongodb 5.0.0 - 5.0.31
Published: Jun 26, 2025
Tracked Since: Feb 18, 2026