Details of VAR-202507-0473

ID

VAR-202507-0473

CVE

CVE-2025-6712

TITLE

MongoDB Server Resource Management Error Vulnerability (CNVD-2025-15516)

Trust: 0.6

sources: CNVD: CNVD-2025-15516

DESCRIPTION

MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal operations. In scenarios where certain internal processes persist longer than anticipated, memory consumption can increase, potentially impacting server stability and availability. This issue affects MongoDB Server v8.0 versions prior to 8.0.10. MongoDB Server is a distributed document database system from MongoDB

Trust: 1.44

sources: NVD: CVE-2025-6712 // CNVD: CNVD-2025-15516

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-15516

AFFECTED PRODUCTS

vendor:

mongodb

model:

server

scope:

gte

version:

8.0,<8.0.10

Trust: 0.6

sources: CNVD: CNVD-2025-15516

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@mongodb.com:	CVE-2025-6712
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-15516
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-15516
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@mongodb.com:	CVE-2025-6712
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-15516 // NVD: CVE-2025-6712

PROBLEMTYPE DATA

problemtype:

CWE-400

Trust: 1.0

sources: NVD: CVE-2025-6712

PATCH

title:

Patch for MongoDB Server Resource Management Error Vulnerability (CNVD-2025-15516)

url:

https://www.cnvd.org.cn/patchInfo/show/706741

Trust: 0.6

sources: CNVD: CNVD-2025-15516

EXTERNAL IDS

db:	NVD	id:	CVE-2025-6712	Trust: 1.6
db:	CNVD	id:	CNVD-2025-15516	Trust: 0.6

sources: CNVD: CNVD-2025-15516 // NVD: CVE-2025-6712

REFERENCES

url:	https://jira.mongodb.org/browse/server-106751	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-6712	Trust: 0.6

sources: CNVD: CNVD-2025-15516 // NVD: CVE-2025-6712

SOURCES

db:	CNVD	id:	CNVD-2025-15516
db:	NVD	id:	CVE-2025-6712

LAST UPDATE DATE

2025-07-13T23:29:10.255000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-15516	date:	2025-07-11T00:00:00
db:	NVD	id:	CVE-2025-6712	date:	2025-07-08T16:18:34.923

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-15516	date:	2025-07-10T00:00:00
db:	NVD	id:	CVE-2025-6712	date:	2025-07-07T15:15:28.890