CVE-2025-6714
- Source
- https://cve.org/CVERecord?id=CVE-2025-6714
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6714.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-6714
- Aliases
- Downstream
- Published
- 2025-07-07T15:15:29.263Z
- Modified
- 2026-04-12T19:16:09.409750Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Server v8.0 prior to 8.0.9
Required Configuration:
This affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports.
- References
Affected packages
Git / github.com/mongodb/mongo
Affected versions
r6.*
r6.0.0
r6.0.1
r6.0.1-rc0
r6.0.10
r6.0.10-rc0
r6.0.11
r6.0.11-rc0
r6.0.12
r6.0.12-rc0
r6.0.12-rc1
r6.0.13
r6.0.13-rc0
r6.0.14
r6.0.14-rc0
r6.0.14-rc1
r6.0.15
r6.0.15-rc0
r6.0.16
r6.0.16-rc0
r6.0.17
r6.0.17-rc0
r6.0.18
r6.0.18-rc0
r6.0.19
r6.0.2
r6.0.2-rc0
r6.0.2-rc1
r6.0.20
r6.0.20-rc0
r6.0.20-rc1
r6.0.20-rc2
r6.0.20-rc3
r6.0.21
r6.0.24-alpha0
r6.0.3
r6.0.3-rc0
r6.0.3-rc1
r6.0.3-rc2
r6.0.4
r6.0.4-rc0
r6.0.4-rc1
r6.0.5
r6.0.5-rc0
r6.0.5-rc1
r6.0.6
r6.0.6-rc0
r6.0.6-rc1
r6.0.7
r6.0.7-rc0
r6.0.8
r6.0.8-rc0
r6.0.9
r6.0.9-rc0
r6.0.9-rc1
r7.*
r7.0.0
r7.0.1
r7.0.1-rc0
r7.0.10
r7.0.10-rc0
r7.0.11
r7.0.11-rc0
r7.0.11-rc1
r7.0.11-rc2
r7.0.12
r7.0.12-rc0
r7.0.12-rc1
r7.0.13
r7.0.13-rc0
r7.0.13-rc1
r7.0.14
r7.0.14-rc0
r7.0.15
r7.0.15-rc0
r7.0.15-rc1
r7.0.16
r7.0.16-rc0
r7.0.16-rc1
r7.0.17
r7.0.18
r7.0.2
r7.0.2-rc0
r7.0.2-rc1
r7.0.2-rc2
r7.0.3
r7.0.3-rc0
r7.0.3-rc1
r7.0.4
r7.0.4-rc0
r7.0.5
r7.0.5-rc0
r7.0.6
r7.0.6-rc0
r7.0.7
r7.0.7-rc0
r7.0.7-rc1
r7.0.7-rc2
r7.0.8
r7.0.8-rc0
r7.0.9
r7.0.9-rc0
r7.0.9-rc1
r8.*
r8.0.0
r8.0.1
r8.0.1-rc0
r8.0.2
r8.0.3
r8.0.4
r8.0.4-rc0
r8.0.5
r8.0.5-rc0
r8.0.5-rc1
r8.0.5-rc2
r8.0.6
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6714.json"
vanir_signatures
[
{
"digest": {
"length": 390.0,
"function_hash": "132516693247276787263887805533895046550"
},
"id": "CVE-2025-6714-1dbdee1e",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/6cd3d8330d77735d45795147e3b5851207fe808b",
"target": {
"function": "peekASIOStream",
"file": "src/mongo/transport/asio_utils.h"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"101781276284772865168675712272838712597",
"56417981313216764658621207674649068648",
"16634745935611203610537114409115873596",
"211408597154650187664697286668469155349",
"257902636512347588567825768894404710090",
"318871967685851277021630183047762218288",
"219907698980326816000241176138167815399",
"155510203797061803059536633286446248802",
"199046960674087561897618290780397982511",
"215243924814209484040365567268735485272",
"39228039433288446160247061884865055792",
"6445752041426966781883361135451080058",
"315472821533886907894976473228918525901",
"131926259515609607574641117248900411231",
"287887421114355075534395962605057554754",
"86692800669116583875245166818426937296",
"122285729318361417438020928140810647292"
]
},
"id": "CVE-2025-6714-22824467",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/6cd3d8330d77735d45795147e3b5851207fe808b",
"target": {
"file": "src/mongo/transport/session_asio.cpp"
}
},
{
"digest": {
"length": 162.0,
"function_hash": "3951152627892568783041706271819584371"
},
"id": "CVE-2025-6714-3924dfb7",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/752f3754996f85fafc08382e931033891405f7b6",
"target": {
"function": "TEST",
"file": "src/mongo/transport/asio/asio_utils_test.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"34221222094321252984824904703776433088",
"12958559465881366977548522033950124365",
"221842925674585006818798237117454733649",
"263347738058326271587335987890597852949",
"103216819406726721004098484691057499773",
"11542523682846859402720489140573929851",
"278710985660278185133730137149287302901",
"193257014179881119912022824685874449761",
"4251211846117902085518279353750808116",
"35743522221919063457106997968441542667",
"283478562397307685068597836495544489260",
"37991441657753390193035083461284138039",
"257721037187772347078664216279477614076",
"29584854887033361419644004506766675471",
"294815745986170652150564573642163964504",
"11249167013026641313138738588465196832",
"42444733254612308435729020109087555848",
"196864818353556777389501705910305990039"
]
},
"id": "CVE-2025-6714-4a9aa170",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/6cd3d8330d77735d45795147e3b5851207fe808b",
"target": {
"file": "src/mongo/util/future_util.h"
}
},
{
"digest": {
"length": 159.0,
"function_hash": "160403138526333153515007131353208847582"
},
"id": "CVE-2025-6714-4e65c0ba",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/6cd3d8330d77735d45795147e3b5851207fe808b",
"target": {
"function": "TEST",
"file": "src/mongo/transport/asio_utils_test.cpp"
}
},
{
"digest": {
"length": 223.0,
"function_hash": "96662765991766273923345140265063965089"
},
"id": "CVE-2025-6714-567a44f9",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/6cd3d8330d77735d45795147e3b5851207fe808b",
"target": {
"function": "prepareUnixSocketPair",
"file": "src/mongo/transport/asio_utils_test.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"91506481489190672963112293195166941457",
"202675099341112506244447290105175451390",
"91902501536356225172260548652453336820",
"86860680012724415599694138008352596034",
"327147882328055130544928802041441872680",
"66506971677392626403859156645544185685"
]
},
"id": "CVE-2025-6714-58aa52c9",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/6cd3d8330d77735d45795147e3b5851207fe808b",
"target": {
"file": "src/mongo/transport/transport_layer.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"305177637872218324540452542786731142974",
"197050658275839402892033259161712402832",
"272975726093980931019128947706141652112",
"256018076457565798528773288093826207223"
]
},
"id": "CVE-2025-6714-5b94bdfe",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/752f3754996f85fafc08382e931033891405f7b6",
"target": {
"file": "src/mongo/transport/asio/asio_utils.h"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"184922752309999729316523108267730358413",
"84122730106724788479278105619067399859",
"112751149700226013417087990270970275699",
"199333754380407213189713363599575364438",
"30610792597029803303669365970004111005",
"87374175235163370695980831082060494596",
"292992901849639108393322739276093712814",
"77425240620795197929473083779437893110"
]
},
"id": "CVE-2025-6714-5eac0115",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/6cd3d8330d77735d45795147e3b5851207fe808b",
"target": {
"file": "src/mongo/transport/transport_layer.h"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"84600387845128014381753519843293789077",
"324714017794577067810646541171685335033",
"163556110930853859369839934609602920132",
"86860680012724415599694138008352596034",
"327147882328055130544928802041441872680",
"66506971677392626403859156645544185685"
]
},
"id": "CVE-2025-6714-5f633443",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/752f3754996f85fafc08382e931033891405f7b6",
"target": {
"file": "src/mongo/transport/transport_layer.cpp"
}
},
{
"digest": {
"length": 159.0,
"function_hash": "160403138526333153515007131353208847582"
},
"id": "CVE-2025-6714-61a91c5d",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/6cd3d8330d77735d45795147e3b5851207fe808b",
"target": {
"function": "TEST",
"file": "src/mongo/transport/asio_utils_test.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"305177637872218324540452542786731142974",
"197050658275839402892033259161712402832",
"272975726093980931019128947706141652112",
"256018076457565798528773288093826207223"
]
},
"id": "CVE-2025-6714-79efb8cb",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/6cd3d8330d77735d45795147e3b5851207fe808b",
"target": {
"file": "src/mongo/transport/asio_utils.h"
}
},
{
"digest": {
"length": 159.0,
"function_hash": "160403138526333153515007131353208847582"
},
"id": "CVE-2025-6714-7d8a66bf",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/752f3754996f85fafc08382e931033891405f7b6",
"target": {
"function": "TEST",
"file": "src/mongo/transport/asio/asio_utils_test.cpp"
}
},
{
"digest": {
"length": 162.0,
"function_hash": "3951152627892568783041706271819584371"
},
"id": "CVE-2025-6714-808f9ca9",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/6cd3d8330d77735d45795147e3b5851207fe808b",
"target": {
"function": "TEST",
"file": "src/mongo/transport/asio_utils_test.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"184922752309999729316523108267730358413",
"84122730106724788479278105619067399859",
"112751149700226013417087990270970275699",
"199333754380407213189713363599575364438",
"76391182908546729929748716088108705552",
"87374175235163370695980831082060494596",
"292992901849639108393322739276093712814",
"77425240620795197929473083779437893110"
]
},
"id": "CVE-2025-6714-8924ae7d",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/752f3754996f85fafc08382e931033891405f7b6",
"target": {
"file": "src/mongo/transport/transport_layer.h"
}
},
{
"digest": {
"length": 409.0,
"function_hash": "260728982747524274923481348190644903120"
},
"id": "CVE-2025-6714-90d50131",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/752f3754996f85fafc08382e931033891405f7b6",
"target": {
"function": "peekASIOStream",
"file": "src/mongo/transport/asio/asio_utils.h"
}
},
{
"digest": {
"length": 589.0,
"function_hash": "93869984551171695100937303984163163364"
},
"id": "CVE-2025-6714-94f79056",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/752f3754996f85fafc08382e931033891405f7b6",
"target": {
"function": "prepareTCPSocketPair",
"file": "src/mongo/transport/asio/asio_utils_test.cpp"
}
},
{
"digest": {
"length": 223.0,
"function_hash": "96662765991766273923345140265063965089"
},
"id": "CVE-2025-6714-a5ff2a05",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/752f3754996f85fafc08382e931033891405f7b6",
"target": {
"function": "prepareUnixSocketPair",
"file": "src/mongo/transport/asio/asio_utils_test.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"50221232121332519474044886446197506483",
"138836435788090693907273162399600371613",
"3912156511981439530059485443965385400",
"31757178702405577976494618555554658630",
"156534527482079009760467893493280403821",
"222145644222860644902112366955307753719",
"219907698980326816000241176138167815399",
"155510203797061803059536633286446248802",
"199046960674087561897618290780397982511",
"215243924814209484040365567268735485272",
"39228039433288446160247061884865055792",
"6445752041426966781883361135451080058",
"315472821533886907894976473228918525901",
"131926259515609607574641117248900411231",
"287887421114355075534395962605057554754",
"86692800669116583875245166818426937296",
"122285729318361417438020928140810647292"
]
},
"id": "CVE-2025-6714-aab37970",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/752f3754996f85fafc08382e931033891405f7b6",
"target": {
"file": "src/mongo/transport/asio/asio_session_impl.cpp"
}
},
{
"digest": {
"length": 159.0,
"function_hash": "160403138526333153515007131353208847582"
},
"id": "CVE-2025-6714-baae2115",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/752f3754996f85fafc08382e931033891405f7b6",
"target": {
"function": "TEST",
"file": "src/mongo/transport/asio/asio_utils_test.cpp"
}
},
{
"digest": {
"length": 162.0,
"function_hash": "3951152627892568783041706271819584371"
},
"id": "CVE-2025-6714-bf5ce822",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/752f3754996f85fafc08382e931033891405f7b6",
"target": {
"function": "TEST",
"file": "src/mongo/transport/asio/asio_utils_test.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"10215591648731158803586605366475063320",
"312275765089571614295425794175403745107",
"285021164067843056477450053939214363323",
"314606871279845561832664383449868689373",
"146330124870792678304574693729000018865",
"149676606088955151604483829178190027604",
"141970548201357552658671181523041250350",
"209756182103161590021968835776163383102",
"119204911603561618566602940066296882763",
"11259270602453296391189083984706975747",
"118046093224683182116870684283513262080",
"290313205065937158618970277234023928753",
"113253008192628314759716605114815714726",
"323735306464556354560888383420324521564",
"240897219466153264937270063452672684933",
"270567066786787311799033703908270780951",
"16658728207361715613375597647000896864",
"64080035747606109256436200854812943592",
"285328135870093974412098013555253339754",
"81169884525803001322669663562998939547",
"193385652201112625593198703077870641086",
"71303011428608137379232677551401868299",
"323798005147399617032993105989638563599",
"152528786376916213252801171630200758793",
"154936368104498378502533856697654822299",
"322619138698266310781703863198804587035",
"292189762998809067395078448848536976403",
"332746579657283425347693663696823520296",
"298315589153091643121985533174637895765",
"308325944067214767038289582378867736076",
"86358234131976151881615439037472040528",
"134929614148311782198460535360030971507",
"282954085212409360039217132648198569005",
"84949918298294630066717009835500015799",
"129693862023469845722696328599100630417",
"121595549003728653792317163455302015730",
"270556547255224902352377178502235728516",
"323984866630695236417583492015154906164",
"110600557191943271247237425445088281121"
]
},
"id": "CVE-2025-6714-c4f837d3",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/752f3754996f85fafc08382e931033891405f7b6",
"target": {
"file": "src/mongo/transport/asio/asio_utils_test.cpp"
}
},
{
"digest": {
"length": 559.0,
"function_hash": "209892873893452143460101112260199906099"
},
"id": "CVE-2025-6714-c530bcff",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/6cd3d8330d77735d45795147e3b5851207fe808b",
"target": {
"function": "prepareTCPSocketPair",
"file": "src/mongo/transport/asio_utils_test.cpp"
}
},
{
"digest": {
"length": 1366.0,
"function_hash": "98433551542652032272169596832838580461"
},
"id": "CVE-2025-6714-dd5e9778",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/752f3754996f85fafc08382e931033891405f7b6",
"target": {
"function": "CommonAsioSession::parseProxyProtocolHeader",
"file": "src/mongo/transport/asio/asio_session_impl.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"10215591648731158803586605366475063320",
"312275765089571614295425794175403745107",
"285021164067843056477450053939214363323",
"314606871279845561832664383449868689373",
"146330124870792678304574693729000018865",
"149676606088955151604483829178190027604",
"141970548201357552658671181523041250350",
"209756182103161590021968835776163383102",
"119204911603561618566602940066296882763",
"11259270602453296391189083984706975747",
"118046093224683182116870684283513262080",
"290313205065937158618970277234023928753",
"113253008192628314759716605114815714726",
"323735306464556354560888383420324521564",
"240897219466153264937270063452672684933",
"270567066786787311799033703908270780951",
"16658728207361715613375597647000896864",
"64080035747606109256436200854812943592",
"285328135870093974412098013555253339754",
"81169884525803001322669663562998939547",
"193385652201112625593198703077870641086",
"71303011428608137379232677551401868299",
"323798005147399617032993105989638563599",
"152528786376916213252801171630200758793",
"154936368104498378502533856697654822299",
"322619138698266310781703863198804587035",
"292189762998809067395078448848536976403",
"332746579657283425347693663696823520296",
"298315589153091643121985533174637895765",
"308325944067214767038289582378867736076",
"86358234131976151881615439037472040528",
"134929614148311782198460535360030971507",
"282954085212409360039217132648198569005",
"84949918298294630066717009835500015799",
"129693862023469845722696328599100630417",
"121595549003728653792317163455302015730",
"270556547255224902352377178502235728516",
"323984866630695236417583492015154906164",
"110600557191943271247237425445088281121"
]
},
"id": "CVE-2025-6714-e889f919",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/6cd3d8330d77735d45795147e3b5851207fe808b",
"target": {
"file": "src/mongo/transport/asio_utils_test.cpp"
}
},
{
"digest": {
"length": 162.0,
"function_hash": "3951152627892568783041706271819584371"
},
"id": "CVE-2025-6714-e8e72592",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/6cd3d8330d77735d45795147e3b5851207fe808b",
"target": {
"function": "TEST",
"file": "src/mongo/transport/asio_utils_test.cpp"
}
},
{
"digest": {
"length": 1290.0,
"function_hash": "176089770720886963703692052585012613370"
},
"id": "CVE-2025-6714-f781dd87",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/6cd3d8330d77735d45795147e3b5851207fe808b",
"target": {
"function": "TransportLayerASIO::ASIOSession::parseProxyProtocolHeader",
"file": "src/mongo/transport/session_asio.cpp"
}
}
]
vanir_signatures_modified
"2026-04-12T19:16:09Z"