{"id":"CVE-2025-6707","details":"Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.24, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5.","aliases":["BIT-mongodb-2025-6707"],"modified":"2026-04-12T19:16:06.712639Z","published":"2025-06-26T14:15:35.313Z","references":[{"type":"REPORT","url":"https://jira.mongodb.org/browse/SERVER-93497"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mongodb/mongo","events":[{"introduced":"1184f004a99660de6f5e745573419bda8a28c0e9"},{"fixed":"e8c5dca807cdfef1c9b3141c4c2bcd613d9700e7"},{"introduced":"e61bf27c2f6a83fed36e5a13c008a32d563babe2"},{"fixed":"c5423a4f25b3056ee2380ddc4e5e5fc3f5a6afc2"},{"introduced":"37d84072b5c5b9fd723db5fa133fb202ad2317f1"},{"fixed":"f8000eab713d5bacf517c27007b409c4edfc629b"},{"introduced":"b41cda4fe697dce6fd9b83b3805362ccc02fbeb3"},{"fixed":"07391eabd130b66d493b22cf46cb258acd7f290f"}],"database_specific":{"versions":[{"introduced":"5.0.0"},{"fixed":"5.0.31"},{"introduced":"6.0.0"},{"fixed":"6.0.24"},{"introduced":"7.0.0"},{"fixed":"7.0.21"},{"introduced":"8.0.0"},{"fixed":"8.0.5"}]}}],"versions":["r5.0.0","r5.0.1","r5.0.1-rc0","r5.0.10","r5.0.10-rc0","r5.0.11","r5.0.11-rc0","r5.0.11-rc1","r5.0.12","r5.0.12-rc0","r5.0.13","r5.0.13-rc0","r5.0.14","r5.0.14-rc0","r5.0.15","r5.0.15-rc0","r5.0.15-rc1","r5.0.15-rc2","r5.0.16","r5.0.16-rc0","r5.0.17","r5.0.17-rc0","r5.0.18","r5.0.18-rc0","r5.0.18-rc1","r5.0.18-rc2","r5.0.19","r5.0.19-rc0","r5.0.2","r5.0.2-rc0","r5.0.20","r5.0.20-rc0","r5.0.20-rc1","r5.0.21","r5.0.21-rc0","r5.0.22","r5.0.22-rc0","r5.0.22-rc1","r5.0.23","r5.0.23-rc0","r5.0.24","r5.0.24-rc0","r5.0.25","r5.0.25-rc0","r5.0.26","r5.0.26-rc0","r5.0.27","r5.0.27-rc0","r5.0.28","r5.0.28-rc0","r5.0.29","r5.0.29-rc0","r5.0.3","r5.0.3-rc0","r5.0.3-rc1","r5.0.3-rc2","r5.0.30","r5.0.31-rc0","r5.0.4","r5.0.4-rc0","r5.0.5","r5.0.5-rc0","r5.0.6","r5.0.6-rc0","r5.0.6-rc1","r5.0.6-rc2","r5.0.7","r5.0.7-rc0","r5.0.7-rc1","r5.0.8","r5.0.8-rc0","r5.0.9","r5.0.9-rc0","r5.0.9-rc1","r6.0.0","r6.0.1","r6.0.1-rc0","r6.0.10","r6.0.10-rc0","r6.0.11","r6.0.11-rc0","r6.0.12","r6.0.12-rc0","r6.0.12-rc1","r6.0.13","r6.0.13-rc0","r6.0.14","r6.0.14-rc0","r6.0.14-rc1","r6.0.15","r6.0.15-rc0","r6.0.16","r6.0.16-rc0","r6.0.17","r6.0.17-rc0","r6.0.18","r6.0.18-rc0","r6.0.19","r6.0.2","r6.0.2-rc0","r6.0.2-rc1","r6.0.20","r6.0.20-rc0","r6.0.20-rc1","r6.0.20-rc2","r6.0.20-rc3","r6.0.21","r6.0.24-alpha0","r6.0.3","r6.0.3-rc0","r6.0.3-rc1","r6.0.3-rc2","r6.0.4","r6.0.4-rc0","r6.0.4-rc1","r6.0.5","r6.0.5-rc0","r6.0.5-rc1","r6.0.6","r6.0.6-rc0","r6.0.6-rc1","r6.0.7","r6.0.7-rc0","r6.0.8","r6.0.8-rc0","r6.0.9","r6.0.9-rc0","r6.0.9-rc1","r7.0.0","r7.0.1","r7.0.1-rc0","r7.0.10","r7.0.10-rc0","r7.0.11","r7.0.11-rc0","r7.0.11-rc1","r7.0.11-rc2","r7.0.12","r7.0.12-rc0","r7.0.12-rc1","r7.0.13","r7.0.13-rc0","r7.0.13-rc1","r7.0.14","r7.0.14-rc0","r7.0.15","r7.0.15-rc0","r7.0.15-rc1","r7.0.16","r7.0.16-rc0","r7.0.16-rc1","r7.0.17","r7.0.18","r7.0.2","r7.0.2-rc0","r7.0.2-rc1","r7.0.2-rc2","r7.0.21-alpha0","r7.0.3","r7.0.3-rc0","r7.0.3-rc1","r7.0.4","r7.0.4-rc0","r7.0.5","r7.0.5-rc0","r7.0.6","r7.0.6-rc0","r7.0.7","r7.0.7-rc0","r7.0.7-rc1","r7.0.7-rc2","r7.0.8","r7.0.8-rc0","r7.0.9","r7.0.9-rc0","r7.0.9-rc1","r8.0.0","r8.0.1","r8.0.1-rc0","r8.0.2","r8.0.3","r8.0.4","r8.0.4-rc0","r8.0.5-rc0","r8.0.5-rc1"],"database_specific":{"vanir_signatures_modified":"2026-04-12T19:16:06Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6707.json","vanir_signatures":[{"digest":{"line_hashes":["66747486518425923489000982985828416312","66965966368288672247966435120034690757","216452294733543330044469750897653841440","321073959764106855778235126773976578717","212982771766741900162197822039487310625","278079999784330475196550456161237500448","94858199688620481836041042337777616687","148807512214169000249497408166764724234","136451342793459111323744436382072994225","330133628046486975141314419369345094322","325658352348944307183031272830281185111","311618813173629078580658457448270110667","301936308844104445279166337006487839208"],"threshold":0.9},"id":"CVE-2025-6707-1b22917d","signature_type":"Line","target":{"file":"src/mongo/unittest/death_test.cpp"},"source":"https://github.com/mongodb/mongo/commit/07391eabd130b66d493b22cf46cb258acd7f290f","deprecated":false,"signature_version":"v1"},{"digest":{"line_hashes":["259138757267497787322732660740307019147","132000857137170557431027225526182190543","219296449103344026824906174079893054414","5720932185945374029998360576327319478"],"threshold":0.9},"id":"CVE-2025-6707-1d55842e","signature_type":"Line","target":{"file":"src/mongo/db/repl/oplog_applier_impl.cpp"},"source":"https://github.com/mongodb/mongo/commit/f8000eab713d5bacf517c27007b409c4edfc629b","deprecated":false,"signature_version":"v1"},{"digest":{"line_hashes":["259138757267497787322732660740307019147","132000857137170557431027225526182190543","219296449103344026824906174079893054414","5720932185945374029998360576327319478"],"threshold":0.9},"id":"CVE-2025-6707-30d30407","signature_type":"Line","target":{"file":"src/mongo/db/repl/oplog_applier_impl.cpp"},"source":"https://github.com/mongodb/mongo/commit/c5423a4f25b3056ee2380ddc4e5e5fc3f5a6afc2","deprecated":false,"signature_version":"v1"},{"digest":{"length":2399,"function_hash":"12797393877486761701991018199080732744"},"id":"CVE-2025-6707-43606e85","signature_type":"Function","target":{"function":"OplogApplierImpl::_run","file":"src/mongo/db/repl/oplog_applier_impl.cpp"},"source":"https://github.com/mongodb/mongo/commit/f8000eab713d5bacf517c27007b409c4edfc629b","deprecated":false,"signature_version":"v1"},{"digest":{"line_hashes":["55291228322113123472651093450521503599","180018901921691706908659934931964657311","26428813386726412500243738304337006991","66872429548502555232343484422131280617","27615411616634180615233341240025803872"],"threshold":0.9},"id":"CVE-2025-6707-437581b3","signature_type":"Line","target":{"file":"src/mongo/bson/json.h"},"source":"https://github.com/mongodb/mongo/commit/07391eabd130b66d493b22cf46cb258acd7f290f","deprecated":false,"signature_version":"v1"},{"digest":{"length":2368,"function_hash":"254642164138027264659524708034929552096"},"id":"CVE-2025-6707-651640f6","signature_type":"Function","target":{"function":"OplogApplierImpl::_run","file":"src/mongo/db/repl/oplog_applier_impl.cpp"},"source":"https://github.com/mongodb/mongo/commit/c5423a4f25b3056ee2380ddc4e5e5fc3f5a6afc2","deprecated":false,"signature_version":"v1"},{"digest":{"length":959,"function_hash":"317059203157195173859428266013583839835"},"id":"CVE-2025-6707-98e95ab3","signature_type":"Function","target":{"function":"ShardServerOpObserver::onCreateCollection","file":"src/mongo/db/s/shard_server_op_observer.cpp"},"source":"https://github.com/mongodb/mongo/commit/e8c5dca807cdfef1c9b3141c4c2bcd613d9700e7","deprecated":false,"signature_version":"v1"},{"digest":{"line_hashes":["338095024408874251521027627609623809923","19517780008182253857358285612128038534","95532667481650364120857114228697583222","224358683231941325215866037278555672552"],"threshold":0.9},"id":"CVE-2025-6707-a50b1d1c","signature_type":"Line","target":{"file":"src/mongo/db/s/shard_server_op_observer.cpp"},"source":"https://github.com/mongodb/mongo/commit/e8c5dca807cdfef1c9b3141c4c2bcd613d9700e7","deprecated":false,"signature_version":"v1"},{"digest":{"line_hashes":["316812224940597349210802207153468412354","182540187870046299377185840611309772662","26235693254835517178998203862684720123","288365987673642931808837033988182548224","12634805768102346354597642259202202781","124963060713168580629168936788391930536","293631087943889812256072568006311929606","129313858920652648405295319762570784376","205723985492844250042200083227006731872","295305126718174767852394771211441977557","214372823518818284513240378260029913297","154839776255203802542823475742103318348","63966623324690558132458878876408542365","227886298463909455701668011020739809800","274719377545742581878851119981020161722","118018990569479107859615394364893193514","300711920207147043942293811610763238167","53728239849209811192533802918800223350","243132182210154584977178726137214177431","39369041185148501037962423918294899723","128474132530057300850619398133175026668","8186317940670349698100805971036852288","248484137817490873357539971574352476654","262181123974261924674842333426546494632","90278502623191581481154302716035029854"],"threshold":0.9},"id":"CVE-2025-6707-b49ba713","signature_type":"Line","target":{"file":"src/mongo/bson/json.cpp"},"source":"https://github.com/mongodb/mongo/commit/07391eabd130b66d493b22cf46cb258acd7f290f","deprecated":false,"signature_version":"v1"},{"digest":{"length":626,"function_hash":"222574750477560596096716589933537609235"},"id":"CVE-2025-6707-b5a853d3","signature_type":"Function","target":{"function":"fromjson","file":"src/mongo/bson/json.cpp"},"source":"https://github.com/mongodb/mongo/commit/07391eabd130b66d493b22cf46cb258acd7f290f","deprecated":false,"signature_version":"v1"},{"digest":{"length":1948,"function_hash":"47283986914761325475926390744079264293"},"id":"CVE-2025-6707-ce280be5","signature_type":"Function","target":{"function":"DeathTestBase::Subprocess::monitorChild","file":"src/mongo/unittest/death_test.cpp"},"source":"https://github.com/mongodb/mongo/commit/07391eabd130b66d493b22cf46cb258acd7f290f","deprecated":false,"signature_version":"v1"},{"digest":{"length":89,"function_hash":"336468060843055155798902538574741651238"},"id":"CVE-2025-6707-f6d1e7e7","signature_type":"Function","target":{"function":"fromjson","file":"src/mongo/bson/json.cpp"},"source":"https://github.com/mongodb/mongo/commit/07391eabd130b66d493b22cf46cb258acd7f290f","deprecated":false,"signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}]}