MongoDB has issued an urgent security advisory warning administrators to patch a high-severity vulnerability affecting MongoDB Server deployments.
The vulnerability, tracked as CVE-2025-14847, stems from improper handling of length parameter inconsistencies in the server’s zlib compression implementation and can be exploited by unauthenticated attackers over the network.
Impact
CVE-2025-14847 allows a remote, unauthenticated attacker to trigger a condition in which the MongoDB server may return uninitialized memory from its heap. This could result in the disclosure of sensitive in-memory data, including internal state information, pointers, or other data that may assist an attacker in further exploitation.
Although direct remote code execution has not been publicly confirmed at the time of writing, memory disclosure vulnerabilities are frequently leveraged as part of more complex exploitation chains. In certain scenarios, such flaws can reduce the effectiveness of memory protections and increase the likelihood of follow-on attacks, particularly when combined with additional vulnerabilities.
Given MongoDB’s role as a core data store in many production environments, successful exploitation could expose sensitive application data and internal system details.
Affected Technologies
The vulnerability impacts MongoDB Server across a wide range of versions.
Affected versions include:
- MongoDB 8.2.0 through 8.2.3
- MongoDB 8.0.0 through 8.0.16
- MongoDB 7.0.0 through 7.0.26
- MongoDB 6.0.0 through 6.0.26
- MongoDB 5.0.0 through 5.0.31
- MongoDB 4.4.0 through 4.4.29
- All MongoDB Server 4.2, 4.0, and 3.6 releases
MongoDB has released fixed versions to address the issue.
Mitigation Guidance
MongoDB strongly recommends upgrading to a patched release as soon as possible. Fixed versions include 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, and 4.4.30.
If immediate patching is not feasible, MongoDB advises disabling zlib compression by explicitly configuring the networkMessageCompressors command-line option or the net.compression.compressors configuration file setting to omit zlib. This mitigation reduces exposure by preventing the vulnerable compression path from being negotiated with clients.
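The two checks an administrator would want to run against this guidance are whether a given mongod build is at or above the fixed release for its branch, and whether a mongod.conf still lets zlib be negotiated. The script below is an added example written for this post, not MongoDB tooling: it encodes the fixed releases listed above, reads the `net.compression.compressors` value from the indented key/value layout mongod.conf uses, and assumes (per MongoDB's documentation) that when the option is absent the default compressor list still includes zlib. The two configuration files are constructed samples.

```python
"""Defender-side checks for the CVE-2025-14847 advisory (added illustration, not MongoDB code)."""
from typing import Optional

# Fixed releases per branch as listed in the advisory; None means no fixed release exists on that branch.
FIXED_VERSIONS = {
    (8, 2): (8, 2, 3),
    (8, 0): (8, 0, 17),
    (7, 0): (7, 0, 28),
    (6, 0): (6, 0, 27),
    (5, 0): (5, 0, 32),
    (4, 4): (4, 4, 30),
    (4, 2): None,
    (4, 0): None,
    (3, 6): None,
}

# Assumption: MongoDB's documented default when the option is not set.
DEFAULT_COMPRESSORS = "snappy,zstd,zlib"


def parse_version(version: str) -> tuple:
    """Turn '7.0.26' (optionally with a suffix such as '-rc0') into (7, 0, 26)."""
    parts = version.strip().split("-")[0].split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised MongoDB version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(version: str) -> Optional[bool]:
    """True if the release contains the fix, False if not, None if the branch is not in the advisory."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[:2], "unknown")
    if fixed == "unknown":
        return None
    if fixed is None:
        return False  # no fixed release on this branch; move to a supported branch
    return v >= fixed


def _config_value(config_text: str, path: tuple) -> Optional[str]:
    """Minimal reader for mongod.conf's indented 'key: value' layout (no YAML library needed)."""
    stack = []  # (indent, key) pairs describing the current nesting
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop trailing comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:  # climb back out of deeper sections
            stack.pop()
        stack.append((indent, key.strip()))
        if tuple(k for _, k in stack) == path:
            return value.strip().strip("'\"")
    return None


def zlib_enabled(config_text: str) -> bool:
    """Whether this mongod.conf would still let zlib be negotiated on the wire."""
    raw = _config_value(config_text, ("net", "compression", "compressors"))
    if raw is None:
        raw = DEFAULT_COMPRESSORS  # option absent: the default applies
    compressors = [c.strip().lower() for c in raw.split(",") if c.strip()]
    return "zlib" in compressors


# Constructed sample configurations for illustration only.
VULNERABLE_CONF = """\
net:
  port: 27017
  bindIp: 127.0.0.1
  compression:
    compressors: snappy,zstd,zlib   # zlib still negotiable
"""

MITIGATED_CONF = """\
net:
  port: 27017
  bindIp: 127.0.0.1
  compression:
    compressors: snappy,zstd        # zlib omitted as the advisory recommends
"""

if __name__ == "__main__":
    for name, conf in (("vulnerable", VULNERABLE_CONF), ("mitigated", MITIGATED_CONF)):
        print(f"{name} config: zlib enabled = {zlib_enabled(conf)}")
    for ver in ("7.0.26", "7.0.28", "4.2.25", "8.0.17"):
        print(f"{ver}: patched = {is_patched(ver)}")
```

Run it against the output of `mongod --version` and the server's actual configuration file; a build that reports `patched = False` together with `zlib enabled = True` is the case the advisory is warning about, and the config change is only a stopgap until the upgrade lands.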
As a general best practice, MongoDB servers should not be exposed directly to the internet, and access should be restricted using network controls and authentication mechanisms.
Threat Context
MongoDB is one of the most widely deployed non-relational database platforms, used by tens of thousands of organizations globally, including large enterprises and critical infrastructure providers.
Vulnerabilities affecting core database services are consistently targeted once public details become available, particularly when they can be exploited remotely without authentication.
Stay Safe. Stay Secure.
OP Innovate Research Team