CVE-2025-6714: 
MongoDB vulnerability analysis and mitigation

MongoDB Server's mongos component has been identified with a vulnerability (CVE-2025-6714) that can cause the server to become unresponsive to new connections due to incorrect handling of incomplete data. The vulnerability affects MongoDB Server versions 6.0 prior to 6.0.23, 7.0 prior to 7.0.20, and 8.0 prior to 8.0.9, specifically when configured with load balancer support. The issue was discovered and disclosed on July 7, 2025 (NVD, MongoDB JIRA).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH), with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The issue is associated with two Common Weakness Enumeration (CWE) categories: CWE-834 (Excessive Iteration) and CWE-400 (Uncontrolled Resource Consumption). The vulnerability specifically affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports (NVD).

The primary impact of this vulnerability is the potential for service disruption, as affected MongoDB servers can become unresponsive to new connections. This creates a denial of service condition that could affect the availability of the database service. The CVSS scoring indicates high impact on availability while maintaining confidentiality and integrity (NVD).

Users are advised to upgrade to the patched versions: MongoDB Server v6.0.23 or later, v7.0.20 or later, or v8.0.9 or later, depending on their current version (NVD, MongoDB JIRA).