How to fix CVE-2025-6706?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Use After Free affected by CVE-2025-6706?

CVE-2025-6706 presents moderate security risk, a use-after-free vulnerability rated CVSS 5.0. Exploitation could compromise the security of affected deployments. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2025-6706

EUVD-2025-19177 MEDIUM

2025-06-26 [email protected]

5.0

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 15, 2026 - 23:54 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 23:54 euvd

EUVD-2025-19177

CVE Published

Jun 26, 2025 - 14:15 nvd

MEDIUM 5.0

Description

An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server. The crash is triggered on affected versions by issuing an aggregation framework operation using a specific combination of rarely-used aggregation pipeline expressions. This issue affects MongoDB Server v6.0 version prior to 6.0.21, MongoDB Server v7.0 version prior to 7.0.17 and MongoDB Server v8.0 version prior to 8.0.4 when the SBE engine is enabled.

Analysis

Technical Context

A use-after-free vulnerability occurs when a program continues to use a pointer after the referenced memory has been freed, leading to undefined behavior. This vulnerability is classified as Use After Free (CWE-416).

Affected Products

Affected products: Mongodb Mongodb

Remediation

Use memory-safe languages. Implement proper object lifecycle management. Use static and dynamic analysis tools to detect UAF patterns.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +25

POC: 0

Vendor Status

Ubuntu

Priority: Medium

mongodb

Release	Status	Version
jammy	DNE	-
noble	DNE	-
oracular	DNE	-
plucky	DNE	-
bionic	deferred	2026-02-18
focal	deferred	2026-02-18
trusty	deferred	2026-02-18
upstream	released	6.0.21, 7.0.17, 8.0.4
questing	DNE	-
xenial	deferred	2026-02-18

Debian

mongodb

Release	Status	Fixed Version	Urgency
(unstable)	fixed	(unfixed)	-

CVE-2025-6706 vulnerability details – vuln.today

Back

CVE-2025-6706

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

CVE-2025-6706

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code