POSTING DATE: 2026/01/06
[VULNERABILITY ALERT] MongoDB Contains High-Risk Security Vulnerability (CVE-2025-14847), Please Verify and Patch Immediately
- Subject: [VULNERABILITY ALERT] MongoDB Contains High-Risk Security Vulnerability (CVE-2025-14847), Please Verify and Patch Immediately
- Content Description:
- Forwarded from National Information Security Information Sharing and Analysis Center Security Alert NISAC-200-202601-00000030
- Researchers have discovered an Improper Handling of Length Parameter Inconsistency vulnerability (CVE-2025-14847) in MongoDB.
- An unauthenticated remote attacker can send specially crafted zlib-compressed communication packets to trigger an issue where the system fails to properly validate parameter lengths when processing decompressed data. This can lead to reading uninitialized memory contents during the document parsing process, resulting in sensitive information leakage. This vulnerability has already been exploited by hackers; please verify and patch as soon as possible.
- Affected Platforms:
- MongoDB versions 8.2.0 to 8.2.2
- MongoDB versions 8.0.0 to 8.0.16
- MongoDB versions 7.0.0 to 7.0.26
- MongoDB versions 6.0.0 to 6.0.26
- MongoDB versions 5.0.0 to 5.0.31
- MongoDB versions 4.4.0 to 4.4.29
- All versions of MongoDB Server 4.2
- All versions of MongoDB Server 4.0
- All versions of MongoDB Server 3.6
- Recommended Actions:
- Update MongoDB to version 8.2.3
- Update MongoDB to version 8.0.17
- Update MongoDB to version 7.0.28
- Update MongoDB to version 6.0.27
- Update MongoDB to version 5.0.32
- Update MongoDB to version 4.4.30
- If an update cannot be performed immediately, please refer to the official instructions for mitigation at: https://jira.mongodb.org/browse/SERVER-115508
- Reference Material:
Computer and Communication Center
Network Systems Division, Respectfully
