Externally Controlled Reference to a Resource in Another Sphere in MongoDB - CVE-2024-8207

 


Published: June 24, 2025


Vulnerability identifier: #VU111869
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-8207
CWE-ID: CWE-610
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: MongoDB, Inc.
Affected software: MongoDB

Detailed vulnerability description

The vulnerability allows a local privileged user to execute arbitrary code on the target system.

The vulnerability exists in certain highly specific configurations of the host system and MongoDB server binary installation on Linux operating systems. A local privileged user with host-level access can cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process.
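A defender-side check for the condition described above, as an added example that is not part of the original advisory or of MongoDB's code: it lists shared libraries mapped into a running `mongod` process from directories outside a trusted set. The trusted directory list, the function name and the sample `/proc/<pid>/maps` lines are constructed assumptions.

```python
import os
import re
import sys

# Assumption: directories a packaged mongod is expected to load libraries from.
TRUSTED_LIB_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")

# Constructed sample of /proc/<pid>/maps lines for a mongod process (not real output).
SAMPLE_MAPS = """\
55d0c0a00000-55d0c4e00000 r-xp 00000000 fd:01 131090 /usr/bin/mongod
7f3a10000000-7f3a10021000 rw-p 00000000 00:00 0
7f3a1c200000-7f3a1c3c0000 r-xp 00000000 fd:01 262200 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1c3c0000-7f3a1c3c8000 r--p 001c0000 fd:01 262200 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1c600000-7f3a1c680000 r-xp 00000000 fd:01 262345 /usr/lib/x86_64-linux-gnu/libssl.so.3
7f3a1c900000-7f3a1c910000 r-xp 00000000 fd:02 400012 /opt/build/lib/libexample.so.1
7f3a1ca00000-7f3a1ca10000 r-xp 00000000 fd:02 400013 /tmp/stage/libhelper.so (deleted)
7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0 [stack]
"""

# Matches names such as libfoo.so, libfoo.so.1 and libfoo.so.1.2.3
SO_NAME = re.compile(r"\.so(\.\d+)*$")
DELETED = " (deleted)"


def unexpected_libraries(maps_text, trusted=TRUSTED_LIB_DIRS):
    """Return sorted paths of mapped shared objects that lie outside `trusted`."""
    found = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # address perms offset dev inode [pathname]
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        path = fields[5].strip()
        if path.endswith(DELETED):  # file was unlinked after being mapped
            path = path[: -len(DELETED)]
        if not path.startswith("/") or not SO_NAME.search(path):
            continue  # pseudo-mappings like [stack], or not a shared object
        path = os.path.normpath(path)
        if not path.startswith(tuple(trusted)):
            found.add(path)
    return sorted(found)


if __name__ == "__main__":
    # With a PID argument, inspect that process; otherwise use the constructed sample.
    text = SAMPLE_MAPS
    if len(sys.argv) > 1:
        with open(f"/proc/{sys.argv[1]}/maps") as fh:
            text = fh.read()
    for lib in unexpected_libraries(text):
        print("library outside trusted directories:", lib)
```

Any path reported for a production `mongod` should be checked for ownership and write permissions on the file and each parent directory.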


How to mitigate CVE-2024-8207

Install updates from the vendor's website.
