In MongoDB Server version 8.1.0 a high severity vulnerability CVE-2025-7259 was detected. This vulnerability allows authorized users to issue queries with duplicate id fields, leading to unexpected behavior and potentially causing the server to crash. This may result in a denial of service. To address this issue, users must upgrade to a patched version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7259.
In MongoDB Server versions prior to 6.0.23, 7.0.20, and 8.0.9 a medium severity vulnerability CVE-2025-6714 was detected. This vulnerability allows attackers to send malformed data that can make the MongoDB server stop responding to new connections. This vulnerability remains unresolved at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6714.
In MongoDB Server versions prior to 8.0.7 (8.0 series), 7.0.20 (7.0 series), and 6.0.22 (6.0 series) a medium severity vulnerability CVE-2025-6713 was detected. This vulnerability allows unauthorized users to access data by exploiting improper handling of the $mergeCursors stage in aggregation pipelines. The flaw can lead to exposure of data without proper authorization. This vulnerability remains unresolved at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6713.
In PyTorch version 2.6.0+cu124 a medium severity vulnerability CVE-2025-4287 was detected. This vulnerability affects the torch.cuda.nccl.reduce function in the torch/cuda/nccl.py file and may lead to denial of service. The issue can be exploited locally, and details of the exploit have been publicly disclosed. To address this issue, users must apply the patch. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4287.
In PyTorch version 2.5.1 and prior a critical severity vulnerability CVE-2025-32434 was detected. This vulnerability allows remote command execution (RCE) when loading a model. To address this issue, users must upgrade to version 2.6.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32434.
In Apache Cassandra versions 4.0.0 through 4.0.15, 4.1.0 through 4.1.7, and 5.0.0 through 5.0.2 a high severity vulnerability CVE-2025-24860 was detected. This vulnerability allows users to access unauthorized datacenters or IP/CIDR groups and modify their own permissions via DCL statements. To fix this issue, users should upgrade to versions 4.0.16, 4.1.8, or 5.0.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24860.
In MongoDB Server versions 6.0 prior to 6.0.21, 7.0 prior to 7.0.17, and 8.0 prior to 8.0.4 a high severity vulnerability CVE-2025-6706 was detected. This vulnerability allows authenticated users to trigger a use-after-free condition that may result in a MongoDB Server crash and other unexpected behavior, even without authorization to shut down the server. To address this issue, users must upgrade to versions 6.0.21, 7.0.17, or 8.0.4 respectively. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6706.
In MongoDB Server versions prior to 7.0.17, 8.0.5 and 6.0.21 a high severity vulnerability CVE-2025-6709 was detected. This vulnerability allows attackers to trigger a denial of service by submitting specially crafted JSON input containing specific date values when using OIDC authentication. To address this issue, users should upgrade MongoDB Server to versions 7.0.17, 8.0.5 or 6.0.21. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6709.
In MongoDB Server versions prior to 7.0.17, 8.0.5 and 6.0.21 a high severity vulnerability CVE-2025-6710 was detected. This vulnerability allows attackers to trigger a stack overflow by sending specially crafted JSON inputs that induce deep recursion during parsing, leading to server crashes. To address this issue, users should upgrade MongoDB Server to versions 7.0.17, 8.0.5 or 6.0.21. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6710.