{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6707", "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "state": "PUBLISHED", "assignerShortName": "mongodb", "dateReserved": "2025-06-26T11:09:08.157Z", "datePublished": "2025-06-26T14:04:46.283Z", "dateUpdated": "2025-06-27T03:55:27.008Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:mongodb:mongodb:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:8.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:8.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:8.0.4:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "MongoDB Server", "vendor": "MongoDB Inc", "versions": [{"lessThan": "5.0.31", "status": "affected", "version": "5.0", "versionType": "custom"}, {"lessThan": "6.0.24", "status": "affected", "version": "6.0", "versionType": "custom"}, {"lessThan": "7.0.21", "status": "affected", "version": "7.0", "versionType": "custom"}, {"lessThan": "8.0.5", "status": "affected", "version": "8.0", "versionType": "custom"}]}], "datePublic": "2025-06-26T11:09:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.24, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5."}], "value": "Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.24, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "shortName": "mongodb", "dateUpdated": "2025-06-26T14:04:46.283Z"}, "references": [{"url": "https://jira.mongodb.org/browse/SERVER-93497"}], "source": {"discovery": "INTERNAL"}, "title": "Race condition in privilege cache invalidation cycle", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-26T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-6707"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-27T03:55:27.008Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6707", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-26T17:39:40.294844Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-26T17:39:27.727Z"}}], "cna": {"title": "Race condition in privilege cache invalidation cycle", "source": {"discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:mongodb:mongodb:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:5.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:6.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:8.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:8.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:mongodb:8.0.4:*:*:*:*:*:*:*"], "vendor": "MongoDB Inc", "product": "MongoDB Server", "versions": [{"status": "affected", "version": "5.0", "lessThan": "5.0.31", "versionType": "custom"}, {"status": "affected", "version": "6.0", "lessThan": "6.0.24", "versionType": "custom"}, {"status": "affected", "version": "7.0", "lessThan": "7.0.21", "versionType": "custom"}, {"status": "affected", "version": "8.0", "lessThan": "8.0.5", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2025-06-26T11:09:00.000Z", "references": [{"url": "https://jira.mongodb.org/browse/SERVER-93497"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.24, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5.", "supportingMedia": [{"type": "text/html", "value": "Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.24, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}], "providerMetadata": {"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "shortName": "mongodb", "dateUpdated": "2025-06-26T14:04:46.283Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6707", "state": "PUBLISHED", "dateUpdated": "2025-06-27T03:55:27.008Z", "dateReserved": "2025-06-26T11:09:08.157Z", "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "datePublished": "2025-06-26T14:04:46.283Z", "assignerShortName": "mongodb"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*", "matchCriteriaId": "778BE562-0F98-4690-AFE2-1D8F32DBCFD4", "versionEndExcluding": "5.0.31", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*", "matchCriteriaId": "D7100BE5-A7C1-4BA0-825B-A98D64F75D2B", "versionEndExcluding": "6.0.24", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*", "matchCriteriaId": "1C059CAD-BB68-47C0-9ED2-FCC0ED428674", "versionEndExcluding": "7.0.21", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*", "matchCriteriaId": "564B8805-F93C-4F12-B29B-4EF3DD83CC9E", "versionEndExcluding": "8.0.5", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.24, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5."}, {"lang": "es", "value": "En determinadas circunstancias, una solicitud de usuario autenticado podr\u00eda ejecutarse con privilegios obsoletos tras un cambio intencionado por parte de un administrador autorizado. Este problema afecta a MongoDB Server v5.0 (versi\u00f3n anterior a la 5.0.31), MongoDB Server v6.0 (versi\u00f3n anterior a la 6.0.24), MongoDB Server v7.0 (versi\u00f3n anterior a la 7.0.21) y MongoDB Server v8.0 (versi\u00f3n anterior a la 8.0.5)."}], "id": "CVE-2025-6707", "lastModified": "2025-09-15T14:24:24.937", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "cna@mongodb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-06-26T14:15:35.313", "references": [{"source": "cna@mongodb.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.mongodb.org/browse/SERVER-93497"}], "sourceIdentifier": "cna@mongodb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "cna@mongodb.com", "type": "Secondary"}]}

{}