A high-severity security flaw in MongoDB is putting databases at risk of unauthorized memory access. Our AI pentester is already detecting it.
What's the vulnerability?
CVE-2025-14847 (CVSS score: 8.7) allows unauthenticated attackers to read uninitialized heap memory from MongoDB servers. The flaw stems from improper handling of length parameters in zlib-compressed protocol headers.
What makes this especially dangerous is that the attacker doesn't need credentials. They can exploit MongoDB's zlib implementation remotely to extract sensitive in-memory data: internal state information, pointers, or other data that could enable further attacks.
Which versions are affected?
The vulnerability impacts a wide range of MongoDB versions:
- MongoDB 8.2.0 through 8.2.3
- MongoDB 8.0.0 through 8.0.16
- MongoDB 7.0.0 through 7.0.26
- MongoDB 6.0.0 through 6.0.26
- MongoDB 5.0.0 through 5.0.31
- MongoDB 4.4.0 through 4.4.29
- All MongoDB Server v4.2, v4.0, and v3.6 versions
If you're running any of these versions, your database is vulnerable.
What should you do?
Immediate action: Upgrade to a patched version:
- MongoDB 8.2.3
- MongoDB 8.0.17
- MongoDB 7.0.28
- MongoDB 6.0.27
- MongoDB 5.0.32
- MongoDB 4.4.30
Can't upgrade right away? Disable zlib compression on your MongoDB server. Start mongod or mongos with the networkMessageCompressors option set to exclude zlib. MongoDB supports alternative compressors like snappy and zstd.
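As an added triage helper (example code, not Ethiack's tooling), the script below encodes the affected and patched versions listed above and checks whether a server's networkMessageCompressors value still allows zlib. It assumes that a version at or above a branch's listed patched release is fixed, that the v4.2, v4.0 and v3.6 lines have no fix, and that an unset option falls back to a server default that includes zlib.

```python
"""Inventory check for CVE-2025-14847: flag MongoDB versions the advisory lists
as affected and spot deployments that still negotiate zlib compression."""
import re
from typing import Optional

# Earliest fixed release per branch, from the advisory's patched list.
# Branches with no entry (4.2, 4.0, 3.6) have no fix and are always flagged.
FIXED_IN = {
    (8, 2): (8, 2, 3),
    (8, 0): (8, 0, 17),
    (7, 0): (7, 0, 28),
    (6, 0): (6, 0, 27),
    (5, 0): (5, 0, 32),
    (4, 4): (4, 4, 30),
}
AFFECTED_BRANCHES = set(FIXED_IN) | {(4, 2), (4, 0), (3, 6)}


def parse_version(version: str) -> tuple:
    """Turn a version string such as '7.0.26' or 'v6.0.27-rc0' into (major, minor, patch)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised MongoDB version: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version: str) -> bool:
    """True if the server version falls inside the advisory's affected ranges."""
    v = parse_version(version)
    branch = (v[0], v[1])
    if branch not in AFFECTED_BRANCHES:
        return False  # release line not listed as affected
    fixed = FIXED_IN.get(branch)
    return fixed is None or v < fixed


def zlib_enabled(compressors: Optional[str]) -> bool:
    """Report whether zlib is negotiable given the comma-separated value of
    --networkMessageCompressors (net.compression.compressors in the config file).
    None means the option is unset; assumption: the server default includes zlib."""
    if compressors is None:
        return True
    return "zlib" in [c.strip().lower() for c in compressors.split(",")]


def assess(version: str, compressors: Optional[str]) -> str:
    """Classify one server for remediation triage."""
    if not is_vulnerable(version):
        return "patched"
    if not zlib_enabled(compressors):
        return "vulnerable version, zlib disabled (mitigated)"
    return "VULNERABLE: upgrade or disable zlib"
```

Feed it the `version` field from `db.version()` and the compressors value from `db.adminCommand({getCmdLineOpts: 1})` of each server in your inventory.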
How Ethiack helps
Our AI pentester now detects CVE-2025-14847 across your attack surface. It’ll detect MongoDB instances and validate exploitable vulnerabilities, so you know exactly where you're exposed and what needs fixing.
Every finding comes with proof-of-exploitation and clear remediation steps.
If you're running MongoDB in your environment, check your Ethiack dashboard for any detected instances of this vulnerability. If you have questions about your exposure, reach out to our team - we’re here to help!
