COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2025-14847

CVE-2025-14847

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2025-12-29
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-14847
⌖ exploited in the wild shame 50/100 exploited-in-wild

MongoDB Server contains an improper handling of length parameter inconsistency vulnerability in Zlib compressed protocol headers. This vulnerability may allow a read of uninitialized heap memory by an unauthenticated client.

Players implicated

MongoDB · vendorMongoDB and MongoDB Server · product

Description

MongoDB Server contains an improper handling of length parameter inconsistency vulnerability in Zlib compressed protocol headers. This vulnerability may allow a read of uninitialized heap memory by an unauthenticated client.

Affected FedRAMP products 1 in the catalog

ProductProviderStatusMatch
MongoDB Atlas for Government MongoDB Authorized vendor-exact · 0.90