CVE-2025-6713
Title: Mongodb Auth Bypass
Auth Bypass
Proof Of Concept
PoC Available for CVE-2025-6713
CWE Category
CWE-285
Published Date
Jul 07, 2025
Modified Date
Oct 03, 2025
Exploit Status
Available
Score
7.7
CVSS v3.1
Exploit Probability (EPSS)
0.43%
Vulnerability Summary
CVE-2025-6713: An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorisation. This issue affects MongoDB Server MongoDB Server v8.0 versions prior to 8.0.7, MongoDB Server v7.0 versions prior to 7.0.19 and MongoDB Server v6.0 versions prior to 6.0.22
Impacted Vendors
Reference Links
CVSS v3.1
Source Entity
[email protected]
Severity
HIGH
7.7
Attack Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
CHANGED
RAW VECTOR
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVSS v3.1
Source Entity
[email protected]
Severity
MEDIUM
6.5
Attack Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
Likelihood
Severity
Page /
CVE-2025-6713 Exploits & PoCs (Proof Of Concept)
GitHub
https://github.com/c137req/CVE-2025-6713
MODIFIED
Vulnerability data or affected products updated.
MODIFIED
Vulnerability data updated via NVD.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
NONE
CVSS Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected Stack
No specific products linked.