CVE-2025-14847

Published 19/12/2025 12:15 · Modified 26/01/2026 10:21 · Author: The MITRE Corporation

Essential information

Published: 19/12/2025 12:15
Modified: 26/01/2026 10:21
Author: The MITRE Corporation
Creator: The MITRE Corporation
CVSS: 7.5 HIGH (v3.1), 8.7 HIGH (v4.0)
CISA KEV: Yes
CWE:
CVSS vector: CVSS:3.1/AV:N/C:H/I:N/A:N

Description

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 versions prior to 7.0.28, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: [email protected]

References