
MongoDB Information Disclosure Vulnerability

Last Update Date: 30 Dec 2025 Release Date: 23 Dec 2025

RISK: High Risk

TYPE: Servers - Database Servers

A vulnerability was identified in MongoDB. A remote attacker could exploit this vulnerability to trigger sensitive information disclosure on the targeted system.

 

Note:

CVE-2025-14847 is being exploited in the wild. MongoDB Server improperly handles inconsistent length parameters in zlib-compressed protocol headers, which may allow an unauthenticated client to read uninitialized heap memory. Hence, the risk level is rated as High Risk.

 

[Updated on 2025-12-30]

Updated Description, Risk Level and Related Links.


Impact

  • Information Disclosure

System / Technologies affected

  • All MongoDB Server v3.6 versions
  • All MongoDB Server v4.0 versions
  • All MongoDB Server v4.2 versions
  • MongoDB versions 4.4.0 through 4.4.29
  • MongoDB versions 5.0.0 through 5.0.31
  • MongoDB versions 6.0.0 through 6.0.26
  • MongoDB versions 7.0.0 through 7.0.26
  • MongoDB versions 8.0.0 through 8.0.16
  • MongoDB versions 8.2.0 through 8.2.3
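
To triage an inventory against the ranges listed above, the following added example (not part of the advisory and not MongoDB code) classifies a version string as reported by `mongod --version` or `db.version()`. The host names and sample versions are constructed, and a branch the list does not mention is reported as "branch not listed" rather than assumed safe.

```python
import re

# Affected ranges transcribed from the list above:
# (major, minor) -> last affected patch release.
# None means every release of that branch is listed as affected.
AFFECTED = {
    (3, 6): None, (4, 0): None, (4, 2): None,
    (4, 4): 29, (5, 0): 31, (6, 0): 26,
    (7, 0): 26, (8, 0): 16, (8, 2): 3,
}

# Accepts "7.0.26", "v7.0.26" and suffixed builds such as "8.0.16-ent".
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def classify(version: str) -> str:
    """Return 'affected', 'not in affected range', 'branch not listed' or 'unparseable'."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unparseable"
    major, minor, patch = (int(g) for g in m.groups())
    if (major, minor) not in AFFECTED:
        # The advisory says nothing about this branch; do not treat it as safe.
        return "branch not listed"
    last_affected = AFFECTED[(major, minor)]
    if last_affected is None or patch <= last_affected:
        return "affected"
    return "not in affected range"


def triage(inventory: dict) -> dict:
    """Map each host name to the classification of its reported version."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (host names and versions are illustrative).
SAMPLE = {
    "db-legacy": "4.2.24",
    "db-prod-1": "7.0.26",
    "db-prod-2": "7.0.28",
    "db-ent": "v8.0.16-ent",
    "db-old": "3.4.24",
    "db-unknown": "latest",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host:12} {SAMPLE[host]:14} {verdict}")
```

Hosts reported as "branch not listed" or "unparseable" need manual review against the vendor's advisory.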

Solutions

Before installing the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

 


Vulnerability Identifier


Source


Related Link