{"cve_id":"CVE-2025-14847","summary":"Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.75002,"ranking_epss":0.98862,"kev":true,"propose_action":"MongoDB Server contains an improper handling of length parameter inconsistency vulnerability in Zlib compressed protocol headers. This vulnerability may allow a read of uninitialized heap memory by an unauthenticated client.","ransomware_campaign":"Unknown","references":["https://jira.mongodb.org/browse/SERVER-115508","http://www.openwall.com/lists/oss-security/2025/12/29/21","https://www.smartkeyss.com/post/mongobleed-pre-auth-memory-disclosure-via-op_compressed-in-mongodb-cve-2025-14847","https://www.vicarius.io/vsociety/posts/cve-2025-14847-detection-script-heap-memory-exposure-in-mongodb-server","https://www.vicarius.io/vsociety/posts/cve-2025-14847-mitigation-script-heap-memory-exposure-in-mongodb-server","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14847"],"published_time":"2025-12-19T11:15:49","cpes":["cpe:2.3:a:mongodb:mongodb:3.6.0","cpe:2.3:a:mongodb:mongodb:3.6.1","cpe:2.3:a:mongodb:mongodb:3.6.10","cpe:2.3:a:mongodb:mongodb:3.6.11","cpe:2.3:a:mongodb:mongodb:3.6.12","cpe:2.3:a:mongodb:mongodb:3.6.13","cpe:2.3:a:mongodb:mongodb:3.6.14","cpe:2.3:a:mongodb:mongodb:3.6.15","cpe:2.3:a:mongodb:mongodb:3.6.16","cpe:2.3:a:mongodb:mongodb:3.6.17","cpe:2.3:a:mongodb:mongodb:3.6.18","cpe:2.3:a:mongodb:mongodb:3.6.2","cpe:2.3:a:mongodb:mongodb:3.6.20","cpe:2.3:a:mongodb:mongodb:3.6.3","cpe:2.3:a:mongodb:mongodb:3.6.4","cpe:2.3:a:mongodb:mongodb:3.6.5","cpe:2.3:a:mongodb:mongodb:3.6.6","cpe:2.3:a:mongodb:mongodb:3.6.7","cpe:2.3:a:mongodb:mongodb:3.6.8","cpe:2.3:a:mongodb:mongodb:3.6.9","cpe:2.3:a:mongodb:mongodb:4.0.0","cpe:2.3:a:mongodb:mongodb:4.0.1","cpe:2.3:a:mongodb:mongodb:4.0.10","cpe:2.3:a:mongodb:mongodb:4.0.11","cpe:2.3:a:mongodb:mongodb:4.0.12","cpe:2.3:a:mongodb:mongodb:4.0.13","cpe:2.3:a:mongodb:mongodb:4.0.14","cpe:2.3:a:mongodb:mongodb:4.0.15","cpe:2.3:a:mongodb:mongodb:4.0.16","cpe:2.3:a:mongodb:mongodb:4.0.17","cpe:2.3:a:mongodb:mongodb:4.0.18","cpe:2.3:a:mongodb:mongodb:4.0.19","cpe:2.3:a:mongodb:mongodb:4.0.2","cpe:2.3:a:mongodb:mongodb:4.0.20","cpe:2.3:a:mongodb:mongodb:4.0.21","cpe:2.3:a:mongodb:mongodb:4.0.22","cpe:2.3:a:mongodb:mongodb:4.0.23","cpe:2.3:a:mongodb:mongodb:4.0.24","cpe:2.3:a:mongodb:mongodb:4.0.25","cpe:2.3:a:mongodb:mongodb:4.0.26","cpe:2.3:a:mongodb:mongodb:4.0.27","cpe:2.3:a:mongodb:mongodb:4.0.3","cpe:2.3:a:mongodb:mongodb:4.0.4","cpe:2.3:a:mongodb:mongodb:4.0.5","cpe:2.3:a:mongodb:mongodb:4.0.6","cpe:2.3:a:mongodb:mongodb:4.0.7","cpe:2.3:a:mongodb:mongodb:4.0.8","cpe:2.3:a:mongodb:mongodb:4.0.9","cpe:2.3:a:mongodb:mongodb:4.2.0","cpe:2.3:a:mongodb:mongodb:4.2.1","cpe:2.3:a:mongodb:mongodb:4.2.10","cpe:2.3:a:mongodb:mongodb:4.2.11","cpe:2.3:a:mongodb:mongodb:4.2.12","cpe:2.3:a:mongodb:mongodb:4.2.13","cpe:2.3:a:mongodb:mongodb:4.2.14","cpe:2.3:a:mongodb:mongodb:4.2.15","cpe:2.3:a:mongodb:mongodb:4.2.16","cpe:2.3:a:mongodb:mongodb:4.2.17","cpe:2.3:a:mongodb:mongodb:4.2.18","cpe:2.3:a:mongodb:mongodb:4.2.2","cpe:2.3:a:mongodb:mongodb:4.2.3","cpe:2.3:a:mongodb:mongodb:4.2.4","cpe:2.3:a:mongodb:mongodb:4.2.5","cpe:2.3:a:mongodb:mongodb:4.2.6","cpe:2.3:a:mongodb:mongodb:4.2.7","cpe:2.3:a:mongodb:mongodb:4.2.8","cpe:2.3:a:mongodb:mongodb:4.2.9","cpe:2.3:a:mongodb:mongodb:4.3.0","cpe:2.3:a:mongodb:mongodb:4.3.1","cpe:2.3:a:mongodb:mongodb:4.3.2","cpe:2.3:a:mongodb:mongodb:4.3.3","cpe:2.3:a:mongodb:mongodb:4.4.0","cpe:2.3:a:mongodb:mongodb:4.4.1","cpe:2.3:a:mongodb:mongodb:4.4.10","cpe:2.3:a:mongodb:mongodb:4.4.11","cpe:2.3:a:mongodb:mongodb:4.4.2","cpe:2.3:a:mongodb:mongodb:4.4.29","cpe:2.3:a:mongodb:mongodb:4.4.3","cpe:2.3:a:mongodb:mongodb:4.4.4","cpe:2.3:a:mongodb:mongodb:4.4.5","cpe:2.3:a:mongodb:mongodb:4.4.6","cpe:2.3:a:mongodb:mongodb:4.4.7","cpe:2.3:a:mongodb:mongodb:4.4.8","cpe:2.3:a:mongodb:mongodb:4.4.9","cpe:2.3:a:mongodb:mongodb:5.0.0","cpe:2.3:a:mongodb:mongodb:5.0.1","cpe:2.3:a:mongodb:mongodb:5.0.10","cpe:2.3:a:mongodb:mongodb:5.0.11","cpe:2.3:a:mongodb:mongodb:5.0.12","cpe:2.3:a:mongodb:mongodb:5.0.13","cpe:2.3:a:mongodb:mongodb:5.0.14","cpe:2.3:a:mongodb:mongodb:5.0.15","cpe:2.3:a:mongodb:mongodb:5.0.16","cpe:2.3:a:mongodb:mongodb:5.0.17","cpe:2.3:a:mongodb:mongodb:5.0.18","cpe:2.3:a:mongodb:mongodb:5.0.19","cpe:2.3:a:mongodb:mongodb:5.0.2","cpe:2.3:a:mongodb:mongodb:5.0.20","cpe:2.3:a:mongodb:mongodb:5.0.21","cpe:2.3:a:mongodb:mongodb:5.0.22","cpe:2.3:a:mongodb:mongodb:5.0.23","cpe:2.3:a:mongodb:mongodb:5.0.24","cpe:2.3:a:mongodb:mongodb:5.0.25","cpe:2.3:a:mongodb:mongodb:5.0.26","cpe:2.3:a:mongodb:mongodb:5.0.27","cpe:2.3:a:mongodb:mongodb:5.0.28","cpe:2.3:a:mongodb:mongodb:5.0.3","cpe:2.3:a:mongodb:mongodb:5.0.30","cpe:2.3:a:mongodb:mongodb:5.0.31","cpe:2.3:a:mongodb:mongodb:5.0.4","cpe:2.3:a:mongodb:mongodb:5.0.5","cpe:2.3:a:mongodb:mongodb:5.0.6","cpe:2.3:a:mongodb:mongodb:5.0.7","cpe:2.3:a:mongodb:mongodb:5.0.8","cpe:2.3:a:mongodb:mongodb:5.0.9","cpe:2.3:a:mongodb:mongodb:6.0.0","cpe:2.3:a:mongodb:mongodb:6.0.1","cpe:2.3:a:mongodb:mongodb:6.0.10","cpe:2.3:a:mongodb:mongodb:6.0.11","cpe:2.3:a:mongodb:mongodb:6.0.12","cpe:2.3:a:mongodb:mongodb:6.0.13","cpe:2.3:a:mongodb:mongodb:6.0.14","cpe:2.3:a:mongodb:mongodb:6.0.15","cpe:2.3:a:mongodb:mongodb:6.0.16","cpe:2.3:a:mongodb:mongodb:6.0.17","cpe:2.3:a:mongodb:mongodb:6.0.18","cpe:2.3:a:mongodb:mongodb:6.0.2","cpe:2.3:a:mongodb:mongodb:6.0.20","cpe:2.3:a:mongodb:mongodb:6.0.21","cpe:2.3:a:mongodb:mongodb:6.0.22","cpe:2.3:a:mongodb:mongodb:6.0.23","cpe:2.3:a:mongodb:mongodb:6.0.24","cpe:2.3:a:mongodb:mongodb:6.0.25","cpe:2.3:a:mongodb:mongodb:6.0.26","cpe:2.3:a:mongodb:mongodb:6.0.3","cpe:2.3:a:mongodb:mongodb:6.0.4","cpe:2.3:a:mongodb:mongodb:6.0.5","cpe:2.3:a:mongodb:mongodb:6.0.6","cpe:2.3:a:mongodb:mongodb:6.0.7","cpe:2.3:a:mongodb:mongodb:6.0.8","cpe:2.3:a:mongodb:mongodb:6.0.9","cpe:2.3:a:mongodb:mongodb:7.0.0","cpe:2.3:a:mongodb:mongodb:7.0.1","cpe:2.3:a:mongodb:mongodb:7.0.10","cpe:2.3:a:mongodb:mongodb:7.0.11","cpe:2.3:a:mongodb:mongodb:7.0.12","cpe:2.3:a:mongodb:mongodb:7.0.13","cpe:2.3:a:mongodb:mongodb:7.0.14","cpe:2.3:a:mongodb:mongodb:7.0.15","cpe:2.3:a:mongodb:mongodb:7.0.16","cpe:2.3:a:mongodb:mongodb:7.0.17","cpe:2.3:a:mongodb:mongodb:7.0.18","cpe:2.3:a:mongodb:mongodb:7.0.19","cpe:2.3:a:mongodb:mongodb:7.0.2","cpe:2.3:a:mongodb:mongodb:7.0.20","cpe:2.3:a:mongodb:mongodb:7.0.21","cpe:2.3:a:mongodb:mongodb:7.0.22","cpe:2.3:a:mongodb:mongodb:7.0.23","cpe:2.3:a:mongodb:mongodb:7.0.24","cpe:2.3:a:mongodb:mongodb:7.0.25","cpe:2.3:a:mongodb:mongodb:7.0.26","cpe:2.3:a:mongodb:mongodb:7.0.27","cpe:2.3:a:mongodb:mongodb:7.0.3","cpe:2.3:a:mongodb:mongodb:7.0.4","cpe:2.3:a:mongodb:mongodb:7.0.5","cpe:2.3:a:mongodb:mongodb:7.0.6","cpe:2.3:a:mongodb:mongodb:7.0.7","cpe:2.3:a:mongodb:mongodb:7.0.8","cpe:2.3:a:mongodb:mongodb:7.0.9","cpe:2.3:a:mongodb:mongodb:8.0.0","cpe:2.3:a:mongodb:mongodb:8.0.1","cpe:2.3:a:mongodb:mongodb:8.0.10","cpe:2.3:a:mongodb:mongodb:8.0.11","cpe:2.3:a:mongodb:mongodb:8.0.12","cpe:2.3:a:mongodb:mongodb:8.0.13","cpe:2.3:a:mongodb:mongodb:8.0.14","cpe:2.3:a:mongodb:mongodb:8.0.15","cpe:2.3:a:mongodb:mongodb:8.0.16","cpe:2.3:a:mongodb:mongodb:8.0.2","cpe:2.3:a:mongodb:mongodb:8.0.3","cpe:2.3:a:mongodb:mongodb:8.0.4","cpe:2.3:a:mongodb:mongodb:8.0.5","cpe:2.3:a:mongodb:mongodb:8.0.6","cpe:2.3:a:mongodb:mongodb:8.0.7","cpe:2.3:a:mongodb:mongodb:8.0.8","cpe:2.3:a:mongodb:mongodb:8.0.9","cpe:2.3:a:mongodb:mongodb:8.2.0","cpe:2.3:a:mongodb:mongodb:8.2.1","cpe:2.3:a:mongodb:mongodb:8.2.2"]}