THREAT OPS › CVEs › CVE-2025-14847
CVE-2025-14847 — MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability
MongoDB Server contains an improper handling of length parameter inconsistency vulnerability in Zlib compressed protocol headers. This vulnerability may allow a read of uninitialized heap memory by an unauthenticated client.
Vulnerability details
- Affected productsMongoDB and MongoDB Server
- KEV remediation due2026-01-19