#VU111869 Externally Controlled Reference to a Resource in Another Sphere in MongoDB - CVE-2024-8207
Published: June 24, 2025
Vulnerability identifier: #VU111869
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-8207
CWE-ID: CWE-610
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
MongoDB
MongoDB
Software vendor:
MongoDB, Inc.
MongoDB, Inc.
Description
The vulnerability allows a local privileged user to execute arbitrary code on the target system.
The vulnerability exists in certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems. A local privileged user with host-level access to cause the MongoDB Server binary can load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process
Remediation
Install updates from vendor's website.