Pre-Auth Flaw in MongoDB Server Allows Attackers to Cause DoS
Posted: Sun Jun 29, 2025 3:07 pm
A critical pre-authentication vulnerability (CVE-2025-6709) in MongoDB Server enables unauthenticated attackers to trigger denial-of-service (DoS) conditions by exploiting improper input validation in OIDC authentication.
The flaw allows malicious actors to crash database servers by sending specially crafted JSON payloads containing specific date values, causing invariant failures and server crashes.
https://gbhackers.com/pre-auth-flaw-in-mongodb-server/
The flaw allows malicious actors to crash database servers by sending specially crafted JSON payloads containing specific date values, causing invariant failures and server crashes.
https://gbhackers.com/pre-auth-flaw-in-mongodb-server/