CVE-2025-14847
MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability
CVSS
—
No CVSS
EPSS
83.0%
p100
KEV
YES
Dec 29, 2025
Exploit Today
80
0-100
Published: — · Last modified: —
Product
MongoDB / MongoDB and MongoDB Server
Vulnerability
MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability
Added to KEV
Dec 29, 2025
Remediate by
Jan 19, 2026
Known ransomware use
No
Summary description
MongoDB Server contains an improper handling of length parameter inconsistency vulnerability in Zlib compressed protocol headers. This vulnerability may allow a read of uninitialized heap memory by an unauthenticated client.
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes
This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://jira.mongodb.org/browse/SERVER-115508 ; https://nvd.nist.gov/vuln/detail/CVE-2025-14847
No related CVEs by CWE or product.