Data Management and Analytics

In Apache Cassandra versions 4.0.0 through 4.0.15, 4.1.0 through 4.1.7, and 5.0.0 through 5.0.2
a high severity vulnerability CVE-2025-24860 was detected. This vulnerability allows users to access unauthorized datacenters or IP/CIDR groups and modify their own permissions via DCL statements. To fix this issue, users should upgrade to versions 4.0.16, 4.1.8, or 5.0.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24860.

In MongoDB Server versions 6.0 prior to 6.0.21, 7.0 prior to 7.0.17, and 8.0 prior to 8.0.4 a high severity vulnerability CVE-2025-6706 was detected. This vulnerability allows authenticated users to trigger a use-after-free condition that may result in a MongoDB Server crash and other unexpected behavior, even without authorization to shut down the server. To address this issue users must upgrade to versions 6.0.21, 7.0.17, or 8.0.4 respectively. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6706.

In MongoDB Server versions prior to 7.0.17, 8.0.5 and 6.0.21 a high severity vulnerability CVE-2025-6709 was detected. This vulnerability allows attackers to trigger a denial of service by submitting specially crafted JSON input containing specific date values when using OIDC authentication. To address this issue, users should upgrade MongoDB Server to versions 7.0.17, 8.0.5 or 6.0.21. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6709.

In MongoDB Server versions prior to 7.0.17, 8.0.5 and 6.0.21 a high severity vulnerability CVE-2025-6710 was detected. This vulnerability allows attackers to trigger a stack overflow by sending specially crafted JSON inputs that induce deep recursion during parsing, leading to server crashes. To address this issue, users should upgrade MongoDB Server to versions 7.0.17, 8.0.5 or 6.0.21. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6710.

In MongoDB Server versions prior to 5.0.31, 6.0.24, 7.0.21 and 8.0.5 a medium severity vulnerability CVE-2025-6707 was detected. This vulnerability allows authenticated users to execute requests with stale privileges under certain conditions, even after an authorized administrator has modified their access rights. To address this issue, users should upgrade MongoDB Server to versions 5.0.31, 6.0.24, 7.0.21 or 8.0.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6707.

In Kibana versions up to and including 7.17.28, 8.0.0 up to and including 8.17.7, 8.18.0 up to and including 8.18.2 and 9.0.0 up to and including 9.0.2 a medium severity vulnerability CVE-2025-25012 was detected. This vulnerability allows attackers to redirect users to untrusted sites and potentially perform server-side request forgery (SSRF) via specially crafted URLs. To address this issue, users should upgrade Kibana to versions 7.17.29, 8.17.8, 8.18.3 or 9.0.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-25012.

In MLflow versions prior to 3.1.0 a medium severity vulnerability CVE-2025-52967 was detected. This vulnerability is caused by the lack of `gateway_path` validation in the `gateway_proxy_handler`, which may allow attackers to manipulate request routing or access unintended resources. To address this issue, users should upgrade MLflow to versions 3.1.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-52967.

In ClickHouse versions 25.7.1.557 a low severity vulnerability CVE-2025-52969 was detected. This vulnerability allows low-privileged users to execute shell commands by querying existing Executable() tables created by higher-privileged users and, if they can influence the script path used by the table engine, potentially escalate privileges and execute unauthorized code in the context of the ClickHouse server. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-52969.

In Grafana versions before 11.6.2 a low severity vulnerability CVE-2025-1088 was detected. This vulnerability allows excessively long dashboard titles or panel names to cause Chromium-based browsers to become unresponsive due to improper input validation. To address this issue, users should upgrade Grafana to versions 11.6.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1088.