Database

In MongoDB Server versions prior to 8.0.10 a medium severity vulnerability CVE-2025-6712 was detected. This vulnerability allows attackers to cause the MongoDB server to crash by triggering excessive memory usage. To fix this issue users should upgrade MongoDB to version 8.0.10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6712.

In MongoDB Server versions prior to 8.0.5 (8.0 series), 7.0.18 (7.0 series), and 6.0.21 (6.0 series) a medium severity vulnerability CVE-2025-6711 was detected. This vulnerability allows attackers to access sensitive query data that may be unintentionally logged by the MongoDB server. To fix this issue users should upgrade MongoDB to versions 8.0.5, 7.0.18, 6.0.21, and 8.1.0-rc0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6711.

In Redis versions prior to 8.0.3, 7.4.5, 7.2.10, and 6.2.19 a medium severity vulnerability CVE-2025-48367 was detected. This vulnerability allows attackers to cause a denial of service by sending malformed connection requests that disrupt Redis server operation. To fix this issue users should upgrade Redis to versions 8.0.3, 7.4.5, 7.2.10, and 6.2.19. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48367.

In Redis versions from 2.8 up to 8.0.3, 7.4.5, 7.2.10, and 6.2.19 a high severity vulnerability CVE-2025-32023 was detected. This vulnerability allows attackers to run malicious code on the server by exploiting a flaw in how Redis handles certain commands, potentially taking full control of the system. To fix this issue uesers should upgrade Redis to versions 8.0.3, 7.4.5, 7.2.10, and 6.2.19. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32023.

In MongoDB Server version 8.1.0 a high severity vulnerability CVE-2025-7259 was detected. This vulnerability allows authorized users to issue queries with duplicate id fields, leading to unexpected behavior and potentially causing the server to crash. This may result in a denial of service. To address this issue users must upgrade to a patched version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7259.

In MongoDB Server versions prior to 6.0.23, 7.0.20, and 8.0.9 a medium severity vulnerability CVE-2025-6714 was detected. This vulnerability allows attackers to send malformed data that can make the MongoDB server stop responding to new connections. This vulnerability remains unresolved at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6714.

In MongoDB Server versions prior to 8.0.7 (8.0 series), 7.0.20 (7.0 series), and 6.0.22 (6.0 series) a medium severity vulnerability CVE-2025-6713 was detected. This vulnerability allows unauthorized users to access data by exploiting improper handling of the $mergeCursors stage in aggregation pipelines. The flaw can lead to exposure of data without proper authorization. This vulnerability remains unresolved at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6713.

In Apache Cassandra versions 4.0.0 through 4.0.15, 4.1.0 through 4.1.7, and 5.0.0 through 5.0.2
a high severity vulnerability CVE-2025-24860 was detected. This vulnerability allows users to access unauthorized datacenters or IP/CIDR groups and modify their own permissions via DCL statements. To fix this issue, users should upgrade to versions 4.0.16, 4.1.8, or 5.0.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24860.

In MongoDB Server versions 6.0 prior to 6.0.21, 7.0 prior to 7.0.17, and 8.0 prior to 8.0.4 a high severity vulnerability CVE-2025-6706 was detected. This vulnerability allows authenticated users to trigger a use-after-free condition that may result in a MongoDB Server crash and other unexpected behavior, even without authorization to shut down the server. To address this issue users must upgrade to versions 6.0.21, 7.0.17, or 8.0.4 respectively. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6706.