The flaw was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on December 29, 2025, confirming threat actors are actively targeting this security weakness in real-world attacks.
CVE-2025-14847 is a length-parameter inconsistency vulnerability in MongoDB Server's handling of zlib-compressed protocol headers: the length declared in the header is not properly reconciled with the actual data.
This critical flaw lets an unauthenticated remote attacker read uninitialized heap memory, potentially exposing sensitive information held in server memory.
The vulnerability is classified as CWE-130: improper handling of length parameters inconsistent with the actual data.
Its severity stems from its reachability: no authentication is required to exploit it, which leaves internet-exposed MongoDB deployments particularly at risk.
Uninitialized heap memory may contain sensitive data such as database credentials, session tokens, encryption keys, or confidential business information left in memory from previous operations.
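As an added illustration of the CWE-130 check at issue (example code written for this page, not MongoDB's own; the OP_COMPRESSED field layout and the 48 MB message limit are taken from MongoDB's public wire-protocol documentation), the decoder below rejects zlib-compressed frames whose declared uncompressedSize does not match what zlib actually produced, which is the inconsistency the article describes.

```python
import struct
import zlib

# Layout of MongoDB's OP_COMPRESSED wire message, as documented in the public
# wire-protocol specification. The decoder is illustrative, not MongoDB's code.
OP_COMPRESSED = 2012
COMPRESSOR_ZLIB = 2
MSG_HEADER = struct.Struct("<iiii")     # messageLength, requestID, responseTo, opCode
COMPRESSED_HDR = struct.Struct("<iiB")  # originalOpcode, uncompressedSize, compressorId
MAX_MESSAGE_SIZE = 48_000_000           # documented maxMessageSizeBytes

def build_frame(payload: bytes, declared_size: int, original_opcode: int = 2013) -> bytes:
    """Constructed OP_COMPRESSED frame; declared_size may deliberately disagree
    with len(payload) so the validator below can be exercised."""
    body = COMPRESSED_HDR.pack(original_opcode, declared_size, COMPRESSOR_ZLIB)
    body += zlib.compress(payload)
    return MSG_HEADER.pack(MSG_HEADER.size + len(body), 1, 0, OP_COMPRESSED) + body

def decode_compressed(frame: bytes) -> bytes:
    """Return the inner message or raise ValueError. The CWE-130 check is the
    final comparison: uncompressedSize comes from the peer, so zlib's output must
    fill it exactly, or a header-sized buffer would carry allocator leftovers."""
    if len(frame) < MSG_HEADER.size + COMPRESSED_HDR.size:
        raise ValueError("truncated header")
    msg_len, _req, _resp, opcode = MSG_HEADER.unpack_from(frame, 0)
    if opcode != OP_COMPRESSED or msg_len != len(frame):
        raise ValueError("messageLength/opCode do not match the frame")
    _orig_op, declared, compressor = COMPRESSED_HDR.unpack_from(frame, MSG_HEADER.size)
    if compressor != COMPRESSOR_ZLIB:
        raise ValueError(f"unsupported compressorId {compressor}")
    if not 0 <= declared <= MAX_MESSAGE_SIZE:
        raise ValueError("uncompressedSize out of range")
    inflater = zlib.decompressobj()
    # max_length caps the allocation at declared + 1, so an oversized stream
    # cannot force a huge buffer yet still fails the length check below.
    out = inflater.decompress(frame[MSG_HEADER.size + COMPRESSED_HDR.size:], declared + 1)
    if len(out) != declared:
        raise ValueError(f"uncompressedSize {declared} != actual {len(out)}")
    if not inflater.eof or inflater.unused_data:
        raise ValueError("zlib stream malformed or followed by trailing data")
    return out

def classify(frame: bytes) -> str:
    """Label a frame for a detection log: 'ok' or the reason it was rejected."""
    try:
        decode_compressed(frame)
        return "ok"
    except (ValueError, zlib.error) as exc:
        return f"rejected: {exc}"
```

The same comparison belongs in any proxy or IDS that inspects MongoDB traffic: a frame whose declared size exceeds the real payload is exactly the pattern worth logging.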
CISA’s addition of CVE-2025-14847 to the KEV catalog confirms cybercriminals are actively exploiting this vulnerability in the wild.
While it remains unknown whether the flaw has been incorporated into ransomware campaigns, the active exploitation status demands immediate attention from organizations running MongoDB infrastructure.
Federal agencies and organizations must implement mitigation measures by January 19, 2026, per CISA’s Binding Operational Directive (BOD) 22-01.
| CVE ID | Vulnerability | CVSS Score | Severity | Affected Product | Status |
|---|---|---|---|---|---|
| CVE-2025-14847 | Improper Length Parameter Handling in Zlib Protocol | 9.1 | Critical | MongoDB Server | Active Exploitation |
Organizations should immediately apply security patches and updates released by MongoDB, in accordance with the vendor’s instructions.
For cloud-based MongoDB deployments, administrators should follow the applicable guidance in BOD 22-01 for cloud services.
If mitigations or patches are unavailable, CISA recommends discontinuing use of the affected product until proper security measures are in place.
Organizations should prioritize patching internet-facing MongoDB instances and conduct thorough security assessments to identify potentially compromised systems.
The post CISA Warns of Actively Exploited MongoDB Server Vulnerability (CVE-2025-14847) appeared first on Cyber Security News.