Hello,
Ran a security audit on my OPNsense running 25.7.5 and received the following:
"***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 25.7.5 (amd64) at Thu Oct 9 13:17:25 ADT 2025
Fetching vuln.xml.xz: .......... done
mongodb70-7.0.16_1 is vulnerable:
MongoDB -- Running certain aggregation operations with the SBE engine may lead to unexpected behavior
CVE: CVE-2025-6706
WWW: https://vuxml.FreeBSD.org/freebsd/5e64770c-52aa-11f0-b522-b42e991fc52e.html
MongoDB -- may be susceptible to privilege escalation due to $mergeCursors stage
CVE: CVE-2025-6713
WWW: https://vuxml.FreeBSD.org/freebsd/77dc1fc4-5bc5-11f0-834f-b42e991fc52e.html
mongodb -- MongoDB may be susceptible to Invariant Failure in Transactions due Upsert Operation
CVE: CVE-2025-10060
WWW: https://vuxml.FreeBSD.org/freebsd/6d16b410-a2ca-11f0-8402-b42e991fc52e.html
MongoDB -- Pre-authentication Denial of Service Stack Overflow Vulnerability in JSON Parsing via Excessive Recursion in MongoDB
CVE: CVE-2025-6710
WWW: https://vuxml.FreeBSD.org/freebsd/59ed4b19-52aa-11f0-b522-b42e991fc52e.html
MongoDB -- Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication
CVE: CVE-2025-6709
WWW: https://vuxml.FreeBSD.org/freebsd/5b87eef6-52aa-11f0-b522-b42e991fc52e.html
mongodb -- Malformed $group Query May Cause MongoDB Server to Crash
CVE: CVE-2025-10061
WWW: https://vuxml.FreeBSD.org/freebsd/a5395e02-a2ca-11f0-8402-b42e991fc52e.html
MongoDB -- Race condition in privilege cache invalidation cycle
CVE: CVE-2025-6707
WWW: https://vuxml.FreeBSD.org/freebsd/5cd2bd2b-52aa-11f0-b522-b42e991fc52e.html
MongoDB -- Incomplete Redaction of Sensitive Information in MongoDB Server Logs
CVE: CVE-2025-6711
WWW: https://vuxml.FreeBSD.org/freebsd/72ddee1f-5bc5-11f0-834f-b42e991fc52e.html
MongoDB -- Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections
CVE: CVE-2025-6714
WWW: https://vuxml.FreeBSD.org/freebsd/79251dc8-5bc5-11f0-834f-b42e991fc52e.html
mongodb -- MongoDB Server router will crash when incorrect lsid is set on a sharded query
CVE: CVE-2025-10059
WWW: https://vuxml.FreeBSD.org/freebsd/4329e3bd-a2ca-11f0-8402-b42e991fc52e.html
10 problem(s) in 1 installed package(s) found.
***DONE***"
Anything to be concerned about?
Hi,
Zenarmor stopped MongoDB support with version 2.1. Please switch your reporting DB to Elasticsearch or SQLite. You can switch it without uninstalling Zenarmor. Please refer to the following link for the instructions.
https://www.zenarmor.com/docs/troubleshooting/reporting#how-do-i-reinstall-the-reporting-database