FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

MongoDB -- Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication

Affected packages
mongodb60 < 6.0.21
mongodb70 < 7.0.17
mongodb80 < 8.0.5

Details

VuXML ID 5b87eef6-52aa-11f0-b522-b42e991fc52e
Discovery 2025-06-26
Entry 2025-06-26

NVD reports:

The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and server crash.

[source]

References

CVE Name CVE-2025-6709
URL https://nvd.nist.gov/vuln/detail/CVE-2025-6709

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.