Race condition in privilege cache invalidation cycle

CVE Details

Basic Information

Title Race condition in privilege cache invalidation cycle
Type cve
Published 2025-06-26T14:04:46.283Z
Last Seen

Product Information

Vendor MongoDB Inc
Product MongoDB Server
Version 5.0

CVSS Information

Base Score 4.2 (MEDIUM)
CVSS Vector CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Confidentiality Impact
Integrity Impact
Availability Impact

AI Analysis

AI Description A race condition in MongoDB Server allows authenticated users to execute requests with stale privileges after administrative changes, affecting versions prior to 5.0.31, 6.0.24, 7.0.21, and 8.0.5.
AI Severity Medium
Vendor MongoDB Inc
Product MongoDB Server
Affected Version 5.0.0-5.0.30, 6.0.0-6.0.23, 7.0.0-7.0.20, 8.0.0-8.0.4

Affected Products

  • MongoDB Inc MongoDB Server 5.0
  • MongoDB Inc MongoDB Server 6.0
  • MongoDB Inc MongoDB Server 7.0
  • MongoDB Inc MongoDB Server 8.0

Additional Information

CVE List
CWE List CWE-863
Bulletin Family

Description

Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 versions prior to 5.0.31, MongoDB Server v6.0 versions prior to 6.0.24, MongoDB Server v7.0 versions prior to 7.0.21 and MongoDB Server v8.0 versions prior to 8.0.5.
