Heap Memory Exposure in MongoDB Server Versions by MongoDB
CVE-2025-14847

8.7HIGH

Key Information:

Vendor: MongoDB
Status: Mongodb Server
Vendor: CVE Published:; 19 December 2025

Badges

🥇 Trended No. 1📈 Trended📈 Score: 35,000💰 Ransomware👾 Exploit Exists🟡 Public PoC🟣 EPSS 68%🦅 CISA Reported📰 News Worthy

What is CVE-2025-14847?

CVE-2025-14847 is a vulnerability identified in various versions of the MongoDB server, a widely used NoSQL database designed to handle large volumes of data in a flexible and scalable manner. This vulnerability stems from mismatched length fields in the Zlib compressed protocol headers, which could allow unauthenticated clients to read uninitialized memory from the server's heap. Such a memory exposure poses significant risks, as it could unintentionally reveal sensitive information stored in memory to malicious actors, potentially leading to unauthorized data access or exploitation of other vulnerabilities within the system. Affected versions include MongoDB Server v3.6 through v8.2, leaving many installations of the database vulnerable if they are not updated or patched promptly.

Potential impact of CVE-2025-14847

Sensitive Data Exposure: The primary concern with CVE-2025-14847 is the potential for unauthorized access to sensitive data that may reside in uninitialized memory. This could include encryption keys, user credentials, or other vital information, exposing organizations to data breaches.
Increased Attack Surface: By allowing unauthenticated clients to exploit this vulnerability, the attack surface of MongoDB installations expands significantly. This could facilitate further attacks, such as injections or obtaining sensitive configuration data, leading to additional compromises within the network.
Operational Disruption: Exploitation of this vulnerability could lead to crashes or inconsistent behavior within the affected MongoDB servers. Such disruptions could impact service availability and data integrity, resulting in significant downtime and a negative effect on business operations.

CISA has reported CVE-2025-14847

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-14847 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

MongoDB Server 8.2 < 8.2.3

MongoDB Server 8.0 < 8.0.17

MongoDB Server 7.0 < 7.0.28

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-14847
Created by ProbiusOfficial

CVE-2025-14847_Expolit
Created by cybertechajju

CVE-2025-14847
Created by onewinner