BIT-mongodb-2025-6707

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/mongodb/BIT-mongodb-2025-6707.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-mongodb-2025-6707

Aliases

CVE-2025-6707

Published

2025-09-16T08:47:32.697Z

Modified

2025-09-16T09:44:29.800145Z

Summary

Race condition in privilege cache invalidation cycle

Details

Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.24, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5.

Database specific

{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*"
    ]
}

References

Affected packages

Bitnami / mongodb

Package

Name: mongodb
Purl: pkg:bitnami/mongodb

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

5.0.0

Fixed

5.0.31

Introduced

6.0.0

Fixed

6.0.24

Introduced

7.0.0

Fixed

7.0.21

Introduced

8.0.0

Fixed

8.0.5