Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
MongoDb Incorrect Authorization Vulnerability (CVE-2025-6707) - Vulnerability Database

MongoDb Incorrect Authorization Vulnerability (CVE-2025-6707)

Description

Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.24, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5.

References

CVE-2025-6707

Related Vulnerabilities

WebLogic CVE-2022-21258 Vulnerability (CVE-2022-21258) Medium
Common tags: Missing Update Known Vulnerabilities
SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1101) Medium
Common tags: Missing Update Known Vulnerabilities
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-19215) High
Common tags: Missing Update Known Vulnerabilities
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-19216) High
Common tags: Missing Update Known Vulnerabilities
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-19217) High
Common tags: Missing Update Known Vulnerabilities

Severity

Medium

Classification

CVE-2025-6707
CWE-863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update
Known Vulnerabilities