THREATOPS
THREAT OPSCVEs › CVE-2025-14847

CVE-2025-14847 — MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability

CISA KEVExploited: confirmedMongoDB

MongoDB Server contains an improper handling of length parameter inconsistency vulnerability in Zlib compressed protocol headers. This vulnerability may allow a read of uninitialized heap memory by an unauthenticated client.

Vulnerability details

Related reporting