CVE-2025-6709

7.5 HIGH

📋 TL;DR

MongoDB Server is vulnerable to denial of service when processing specific date values in JSON input during OIDC authentication. An attacker can crash the server by sending a malicious payload, affecting MongoDB v6.0, v7.0, and v8.0 versions. In v6.0, authentication is required for exploitation, while v7.0 and v8.0 allow unauthenticated attacks.

💻 Affected Systems

Products:
  • MongoDB Server
Versions: v6.0 prior to 6.0.21, v7.0 prior to 7.0.17, v8.0 prior to 8.0.5
Operating Systems: All platforms running MongoDB
Default Config Vulnerable: ⚠️ Yes
Notes: OIDC authentication must be enabled or configured for exploitation. v6.0 requires attacker authentication, while v7.0/v8.0 do not.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete server crash leading to sustained service unavailability and potential data loss if replication is not properly configured.

🟠 Likely Case: Temporary service disruption requiring manual server restart, impacting application availability.

🟢 If Mitigated: Minimal impact with proper network segmentation, authentication requirements, and monitoring to detect and respond to attacks.

🌐 Internet-Facing: HIGH for v7.0/v8.0 due to unauthenticated exploit, MEDIUM for v6.0 requiring authentication.
🏢 Internal Only: MEDIUM for all versions as internal attackers could still cause service disruption.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specific malformed JSON via mongo shell or similar client. No public exploit code available yet.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v6.0.21, v7.0.17, v8.0.5

Vendor Advisory: https://jira.mongodb.org/browse/SERVER-106748

Restart Required: Yes

Instructions:

1. Download the patched version from the MongoDB website.
2. Stop the MongoDB service.
3. Back up data and configuration.
4. Install the updated version.
5. Restart the MongoDB service.
6. Verify the version and functionality.

🔧 Temporary Workarounds

Disable OIDC Authentication (applies to: all)

Temporarily disable OIDC authentication if not required, reducing attack surface. Modify the MongoDB configuration to remove OIDC settings and restart the service.

Network Access Control (applies to: all)

Restrict MongoDB port access to trusted IP addresses only. Configure firewall rules to limit access to the MongoDB port (default 27017).

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate MongoDB from untrusted networks
  • Enable comprehensive logging and monitoring for OIDC authentication attempts and server crashes

🔍 How to Verify

Check if Vulnerable:

Check MongoDB version and compare against affected versions. Verify if OIDC authentication is enabled in configuration.

Check Version:

db.version() in mongo shell or mongod --version

Verify Fix Applied:

Confirm MongoDB version is 6.0.21, 7.0.17, or 8.0.5 or higher. Test OIDC authentication functionality.
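The version and configuration check above, as an added example that is not part of this advisory: it compares a version string (as printed by db.version() or mongod --version) against the fixed versions listed here, per release branch, and applies a heuristic for whether OIDC is configured. The config key names it looks for (the MONGODB-OIDC mechanism name and the oidcIdentityProviders parameter) are assumptions, not taken from this page, and the sample config is constructed.

```python
"""Added example: assess a MongoDB server against CVE-2025-6709 (not the vendor's own tooling)."""
import re

# Fixed versions per release branch, as stated in the advisory.
FIXED_VERSIONS = {
    (6, 0): (6, 0, 21),
    (7, 0): (7, 0, 17),
    (8, 0): (8, 0, 5),
}

# Constructed sample mongod.conf fragment (not from a real deployment).
SAMPLE_CONFIG = """\
security:
  authorization: enabled
setParameter:
  authenticationMechanisms: SCRAM-SHA-256,MONGODB-OIDC
"""


def parse_version(version: str):
    """Extract (major, minor, patch) from '7.0.16' or 'db version v7.0.16'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected_version(version: str) -> bool:
    """True when the version sits on a listed branch and predates that branch's fix."""
    major, minor, patch = parse_version(version)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        return False  # branch not listed as affected by the advisory
    return (major, minor, patch) < fixed


def oidc_configured(config_text: str) -> bool:
    """Heuristic: OIDC mechanism or identity providers present in the config text (assumed key names)."""
    return "MONGODB-OIDC" in config_text or "oidcIdentityProviders" in config_text


def assess(version: str, config_text: str) -> dict:
    """Combine the version and OIDC checks; per the advisory, only the 6.0 branch needs authentication."""
    major, minor, _ = parse_version(version)
    affected = is_affected_version(version)
    oidc = oidc_configured(config_text)
    return {
        "affected_version": affected,
        "oidc_configured": oidc,
        "exposed": affected and oidc,
        "auth_required": (major, minor) == (6, 0),
    }
```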

📡 Detection & Monitoring

Log Indicators:

  • Server crash logs with invariant failure messages
  • Unusual OIDC authentication attempts with malformed JSON
  • MongoDB service restart events

Network Indicators:

  • Multiple connection attempts to MongoDB OIDC endpoints with JSON payloads
  • Traffic patterns matching mongo shell commands

SIEM Query:

source="mongodb.log" AND ("invariant failure" OR "server crash" OR "OIDC authentication error")
