FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

MongoDB -- may be susceptible to privilege escalation due to $mergeCursors stage

Affected packages
mongodb60 < 6.0.22
mongodb70 < 7.0.20

Details

VuXML ID 77dc1fc4-5bc5-11f0-834f-b42e991fc52e
Discovery 2025-07-07
Entry 2025-07-08

cna@mongodb.com reports:

An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorisation.

[source]

References

CVE Name CVE-2025-6713
URL https://nvd.nist.gov/vuln/detail/CVE-2025-6713

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.