MongoDB Server Privilege Cache Invalidation Race Condition Vulnerability

Vulnerability

A race condition has been identified in MongoDB Server that allows an authenticated user's request to be executed with outdated privileges after an authorized administrator has changed that user's privilege assignments. The issue affects MongoDB Server versions 5.0 prior to 5.0.31, 6.0 prior to 6.0.24, 7.0 prior to 7.0.21, and 8.0 prior to 8.0.5.

Impact

Exploitation of this vulnerability can lead to incorrect authorization, allowing users to retain stale privileges after an administrator has made changes.

Reproduction

The vulnerability can be reproduced by an authenticated user who issues a request shortly after an administrator has changed privilege assignments. This creates a window in which the user's request is processed with the old privileges, before the change takes effect.

Remediation

Users can upgrade to MongoDB Server versions 5.0.31, 6.0.24, 7.0.21, or 8.0.5 to address this vulnerability.
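To check whether a server's reported version falls inside the affected ranges listed above, here is an added example (not code from MongoDB or from this advisory). It assumes the version string is the one returned in the `version` field of the `buildInfo` command (the value `db.version()` prints in mongosh), and the sample fleet list at the bottom is constructed for illustration.

```python
"""Check MongoDB Server version strings against the fixed versions in this advisory."""
from typing import List, Optional, Tuple

# Fixed versions from the advisory, keyed by release branch (major, minor).
FIXED_VERSIONS = {
    (5, 0): (5, 0, 31),
    (6, 0): (6, 0, 24),
    (7, 0): (7, 0, 21),
    (8, 0): (8, 0, 5),
}


def parse_version(text: str) -> Tuple[Tuple[int, int, int], bool]:
    """Parse 'X.Y.Z' or 'X.Y.Z-<suffix>'; returns ((X, Y, Z), is_prerelease)."""
    core, sep, _suffix = text.strip().partition("-")
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised MongoDB version string: {text!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2])), bool(sep)


def assess(version: str) -> Tuple[str, Optional[str]]:
    """Return (status, fixed_version) for one server version string.

    status is 'affected', 'fixed', or 'not-covered' (branch not named in the
    advisory, e.g. 4.4 or 8.1; those need a separate check, not a clean bill).
    """
    (major, minor, patch), prerelease = parse_version(version)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        return "not-covered", None
    fixed_str = ".".join(map(str, fixed))
    # A pre-release build of the fixed version (e.g. 8.0.5-rc0) precedes the
    # release itself, so it is still treated as affected.
    if (major, minor, patch) < fixed or ((major, minor, patch) == fixed and prerelease):
        return "affected", fixed_str
    return "fixed", fixed_str


def affected_hosts(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Filter a (host, version) inventory down to hosts still needing the upgrade."""
    out = []
    for host, version in inventory:
        status, fixed = assess(version)
        if status == "affected":
            out.append((host, version, fixed))
    return out


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    fleet = [("db-a", "7.0.20"), ("db-b", "7.0.21"), ("db-c", "8.0.5-rc0"), ("db-d", "4.4.29")]
    for host, version, fixed in affected_hosts(fleet):
        print(f"{host}: {version} is affected, upgrade to {fixed}")
```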

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 1.3
exploitability: 4.8
remediation: 7.7
relevance: 0.2
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.