MongoDB Information Disclosure Vulnerability

Last Update Date: 30 Dec 2025
Release Date: 23 Dec 2025
RISK: High Risk
TYPE: Servers - Database Servers

A vulnerability was identified in MongoDB. A remote attacker could exploit this vulnerability to trigger sensitive information disclosure on the targeted system.

Note:
CVE-2025-14847 is being exploited in the wild. MongoDB Server contains an improper handling of length parameter inconsistency vulnerability in Zlib compressed protocol headers. This vulnerability may allow a read of uninitialized heap memory by an unauthenticated client. Hence, the risk level is rated as High Risk.

[Updated on 2025-12-30] Updated Description, Risk Level and Related Links.

Impact
- Information Disclosure

System / Technologies affected
- All MongoDB Server v3.6 versions
- All MongoDB Server v4.0 versions
- All MongoDB Server v4.2 versions
- MongoDB versions 4.4.0 through 4.4.29
- MongoDB versions 5.0.0 through 5.0.31
- MongoDB versions 6.0.0 through 6.0.26
- MongoDB versions 7.0.0 through 7.0.26
- MongoDB versions 8.0.0 through 8.0.16
- MongoDB versions 8.2.0 through 8.2.3

Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://jira.mongodb.org/browse/SERVER-115508

Vulnerability Identifier
- CVE-2025-14847

Source
- MongoDB

Related Link
- https://jira.mongodb.org/browse/SERVER-115508
- https://www.cisa.gov/news-events/alerts/2025/12/29/cisa-adds-one-known-exploited-vulnerability-catalog

Related Tags
- MongoDB
- Information Disclosure
- Exploit In The Wild
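For inventory triage against the affected version ranges listed in this advisory, the following is an added example, not code from MongoDB or from the advisory's publisher. The host names and inventory entries are constructed, and treating suffixed builds (such as release candidates) above a listed range as "review" is an assumption of this example, since the advisory only describes plain release numbers.

```python
import re

# Affected ranges as listed in this advisory: (major, minor) -> highest
# affected patch. None means every release of that series is listed.
AFFECTED = {
    (3, 6): None, (4, 0): None, (4, 2): None,
    (4, 4): 29, (5, 0): 31, (6, 0): 26,
    (7, 0): 26, (8, 0): 16, (8, 2): 3,
}

VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?")


def parse_version(text):
    """Extract (major, minor, patch, suffix) from a bare version string or
    from a line such as 'db version v7.0.14' printed by mongod --version."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no MongoDB version found in {text!r}")
    major, minor, patch = (int(g) for g in m.groups()[:3])
    return major, minor, patch, m.group(4)


def classify(text):
    """Return 'affected', 'not-listed' or 'review' for one version string."""
    major, minor, patch, suffix = parse_version(text)
    if (major, minor) not in AFFECTED:
        return "not-listed"          # series does not appear in the advisory
    limit = AFFECTED[(major, minor)]
    if limit is None or patch <= limit:
        return "affected"
    # Assumption: a suffixed build above the listed range needs a manual check.
    return "review" if suffix else "not-listed"


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (host names and versions are illustrative).
INVENTORY = {
    "db-a": "db version v4.2.24", "db-b": "8.0.16", "db-c": "8.0.17",
    "db-d": "7.0.27-rc0", "db-e": "6.0.26", "db-f": "3.4.24",
}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {INVENTORY[host]} -> {status}")
```

A "not-listed" result only means the version falls outside the ranges above; confirm the fix status of that build against the vendor ticket linked under Solutions.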
A high-risk information disclosure vulnerability (CVE-2025-148