IRONSMITHINTEL
Severity: HIGH (CVSS 7.5) | Actively exploited | CISA KEV | CVE-2025-14847 | Auth: none (unauthenticated) | Restart: required (mongod) | Remediation: manual only

MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability

MongoDB Server contains an improper handling of length parameter inconsistency vulnerability in Zlib compressed protocol headers. This vulnerability may allow a read of uninitialized heap memory by an unauthenticated client.

Published Dec 19, 2025 · Updated May 16, 2026
Why patch: risk explained in plain English

Worst-case scenario (if unpatched)

A remote attacker with nothing more than a network connection to the server, and no credentials, can read uninitialized heap memory out of the mongod process. That memory can hold data belonging to other sessions, which is why CVSS 3.1 rates this as a high confidentiality impact (7.5) even though integrity and availability are not affected. Federal agencies are required to remediate by 2026-01-19 under CISA BOD 22-01.

How the attack works (no clicks needed)

This is an improper handling of length parameter inconsistency vulnerability (CWE-130) in MongoDB Server. Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. Affected releases, with the first fixed version in each supported branch:

    8.2 before 8.2.3
    8.0 before 8.0.17
    7.0 before 7.0.28
    6.0 before 6.0.27
    5.0 before 5.0.32
    4.4 before 4.4.30
    4.2 (all releases from 4.2.0), 4.0 (all from 4.0.0) and 3.6 (all from 3.6.0): affected, no fixed release listed

Exploitation requires only network access to the server: low attack complexity, no authentication and no user interaction.
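The following is an added illustration of the CWE-130 pattern the advisory describes; it is not MongoDB's decompression code and not part of the original page. Only the OP_COMPRESSED layout is taken from the MongoDB wire protocol (opcode 2012; int32 originalOpcode, int32 uncompressedSize, uint8 compressorId with 2 = zlib, then the compressed bytes). The two decoders, the `stale` filler standing in for uninitialized heap memory, the sample payload and the assumption that an over-long inflate is cut at the buffer boundary are all constructed for the example.

```python
"""Model of the CWE-130 length inconsistency described for CVE-2025-14847.

Added illustration, not MongoDB's code. Only the OP_COMPRESSED layout is taken
from the MongoDB wire protocol: MsgHeader (int32 messageLength, int32 requestID,
int32 responseTo, int32 opCode=2012), then int32 originalOpcode,
int32 uncompressedSize, uint8 compressorId (2 = zlib), then the compressed
bytes. The buffer handling below is a simplified stand-in for the server.
"""
import struct
import zlib

OP_COMPRESSED = 2012
OP_MSG = 2013
COMPRESSOR_ZLIB = 2
MSG_HEADER = struct.Struct("<iiii")   # messageLength, requestID, responseTo, opCode
COMP_HEADER = struct.Struct("<iiB")   # originalOpcode, uncompressedSize, compressorId


def build_op_compressed(payload, declared_size=None, request_id=1):
    """Wrap payload in an OP_COMPRESSED message. declared_size lets the caller
    put a false uncompressedSize in the header, the mismatch the advisory names."""
    compressed = zlib.compress(payload)
    size = len(payload) if declared_size is None else declared_size
    body = COMP_HEADER.pack(OP_MSG, size, COMPRESSOR_ZLIB) + compressed
    return MSG_HEADER.pack(MSG_HEADER.size + len(body), request_id, 0, OP_COMPRESSED) + body


def _split(msg):
    """Parse both headers; return (declared uncompressedSize, compressed bytes)."""
    _, _, _, opcode = MSG_HEADER.unpack_from(msg)
    if opcode != OP_COMPRESSED:
        raise ValueError(f"not OP_COMPRESSED: opcode {opcode}")
    _, declared, compressor = COMP_HEADER.unpack_from(msg, MSG_HEADER.size)
    if compressor != COMPRESSOR_ZLIB:
        raise ValueError(f"compressor {compressor} not modelled here")
    if declared < 0:
        raise ValueError("negative uncompressedSize")
    return declared, msg[MSG_HEADER.size + COMP_HEADER.size:]


def decode_trusting(msg, stale=b"S"):
    """Vulnerable pattern: allocate uncompressedSize bytes, inflate into the
    front, hand back the whole buffer. Bytes past the real inflated length are
    whatever the allocator left there; `stale` stands in for that uninitialized
    memory so the leak is visible. Assumption of this model: inflate output
    longer than the declared size is cut at the buffer boundary."""
    declared, compressed = _split(msg)
    buffer = bytearray((stale * declared)[:declared])   # "uninitialized" allocation
    inflated = zlib.decompress(compressed)[:declared]
    buffer[:len(inflated)] = inflated                   # only len(inflated) bytes written
    return bytes(buffer)                                # ...but all `declared` bytes consumed


def decode_checked(msg):
    """Hardened pattern: inflate, then require the produced length to equal the
    declared uncompressedSize before anything downstream sees the buffer."""
    declared, compressed = _split(msg)
    inflated = zlib.decompress(compressed)
    if len(inflated) != declared:
        raise ValueError(f"uncompressedSize {declared} != inflated {len(inflated)}")
    return inflated


def lengths_consistent(msg):
    """True when the checked decoder accepts the message."""
    try:
        decode_checked(msg)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    payload = b'{"hello": 1}'                                   # constructed sample payload
    honest = build_op_compressed(payload)
    lying = build_op_compressed(payload, declared_size=len(payload) + 32)
    print("honest, trusting decoder:", decode_trusting(honest))
    print("lying,  trusting decoder:", decode_trusting(lying))  # payload then 32 stale bytes
    print("lying,  checked decoder accepts:", lengths_consistent(lying))
```

The trusting decoder returns the declared number of bytes regardless of how many the inflater produced, so a client that overstates uncompressedSize receives the tail of a buffer it never filled; the checked decoder rejects any message whose header and inflated length disagree.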


Am I affected? Quick check

Probably yes if you run MongoDB Server in any of these ranges (check with db.version() in mongosh, or mongod --version on the host):

    3.6.0 ≤ v < 4.4.30 (the 3.6, 4.0 and 4.2 branches are end of life and have no fixed release)
    5.0.0 ≤ v < 5.0.32
    6.0.0 ≤ v < 6.0.27
    7.0.0 ≤ v < 7.0.28
    8.0.0 ≤ v < 8.0.17
    8.2.0 ≤ v < 8.2.3
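An added version check that encodes the ranges above, branch by branch; it is not a MongoDB tool and not from the original page. The fixed versions come from the advisory text; the treatment of a pre-release suffix (an rc of the fixed version is counted as not yet fixed) and the `unknown-branch` result for branches the advisory does not list are choices made for this example. It assumes mongod is on PATH when run locally.

```python
"""Branch-aware version check for CVE-2025-14847. Added illustration, not a
MongoDB-supplied tool. Fixed versions are taken from the advisory text."""
import re
import subprocess

# First fixed release per supported branch (from the advisory).
FIXED = {
    (8, 2): 3,
    (8, 0): 17,
    (7, 0): 28,
    (6, 0): 27,
    (5, 0): 32,
    (4, 4): 30,
}
# Branches listed as affected with no fixed release (end of life).
UNFIXED_BRANCHES = {(4, 2), (4, 0), (3, 6)}

_VER_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?")


def parse_version(text):
    """Return (major, minor, patch, final) from '7.0.27', 'db version v7.0.27'
    or '8.0.17-rc0'. final is 0 for a pre-release suffix, 1 otherwise, so a
    pre-release sorts below the final release of the same number."""
    m = _VER_RE.search(text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    final = 0 if m.group(4) else 1
    return (major, minor, patch, final)


def assess(text):
    """Classify a version string: 'fixed', 'vulnerable', 'vulnerable-eol'
    (affected branch with no fix; upgrade to a supported branch) or
    'unknown-branch' (not listed in the advisory; check with the vendor)."""
    major, minor, patch, final = parse_version(text)
    branch = (major, minor)
    if branch in UNFIXED_BRANCHES:
        return "vulnerable-eol"
    if branch in FIXED:
        # Conservative: a pre-release of the fixed version counts as unfixed.
        return "fixed" if (patch, final) >= (FIXED[branch], 1) else "vulnerable"
    return "unknown-branch"


def local_mongod_version():
    """First line of `mongod --version` on this host (e.g. 'db version v7.0.27').
    Assumes mongod is on PATH; for a remote server use db.version() in mongosh."""
    out = subprocess.run(["mongod", "--version"], capture_output=True,
                         text=True, check=True).stdout
    return out.splitlines()[0]


if __name__ == "__main__":
    for sample in ["db version v7.0.27", "7.0.28", "8.0.17-rc0", "4.2.24"]:  # constructed
        print(f"{sample:24} -> {assess(sample)}")
    try:
        print("this host:", assess(local_mongod_version()))
    except (FileNotFoundError, subprocess.CalledProcessError) as exc:
        print("mongod not runnable here:", exc)
```

Run it on every mongod host in the estate rather than trusting a single inventory entry; mixed-version replica sets are common, and a secondary left on an older patch is just as reachable on port 27017 as the primary.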
Real-world incidents: what we've seen

Active exploitation documented in the wild. Threat-research write-up: https://www.smartkeyss.com/post/mongobleed-pre-auth-memory-disclosure-via-op_compressed-in-mongodb-cve-2025-14847

How to patch

Manual remediation steps

Apply the vendor patch

This vulnerability is in the CISA Known Exploited Vulnerabilities catalog: upgrade to the first fixed release of your branch (8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32 or 4.4.30) as soon as possible and restart mongod so the new binary is the one serving connections. The 3.6, 4.0 and 4.2 branches have no fixed release; move those deployments to a supported branch. Until the upgrade is done, limit who can reach the mongod listener (port 27017 by default) with net.bindIp and network filtering, since exploitation needs nothing more than a TCP connection.

CISA required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

References

    Vendor advisory: https://jira.mongodb.org/browse/SERVER-115508
    NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-14847
    CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14847