🔴 CVE-2025-14847

Critical memory disclosure vulnerability in MongoDB Server allowing unauthenticated remote attackers to read heap memory through malformed Zlib compressed protocol headers. CISA has added this to KEV catalog due to confirmed active exploitation in the wild.

Risk Level: HIGH_RISK
CVSS Score: 7.5
Attack Vector: NETWORK
ATT&CK Tactic: Initial Access
ATT&CK Technique: T1190 (Exploit Public-Facing Application)
Deployment Risk: HIGH
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-12-19

Added to CISA KEV: 2025-12-29 (10 days between CVE publication and KEV listing)


πŸ” Web Intelligence (Kagi Β· 2025-12-29)

Here's what is known about the CVE-2025-14847 vulnerability exploitation:

  • Affected Applications/Services: The vulnerability affects MongoDB servers and can impact both internet-exposed and internal resources [2].
  • Active Exploitation: There is evidence of active exploitation of CVE-2025-14847 in the wild [2][4].
  • CISA KEV Status: CISA has added CVE-2025-14847 to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation [4].
  • Attack Vectors/Exploitation Methods:
      * A remote, unauthenticated attacker can trigger a condition in which the MongoDB server returns uninitialized memory from its heap [1].
      * An attacker with local network access could send a specially crafted URL to access certain administration functions without login credentials [3].
  • Impact of Exploitation: Successful exploitation could allow an attacker to:
      * Extract sensitive information from MongoDB servers, including user information, passwords, and API keys [2].
      * Disclose sensitive in-memory data, including internal state information and pointers that may assist in further exploitation [1].
      * Access certain administration functions without credentials [3].
  • Targeted Attacks: The cited sources confirm active exploitation but give no specific information on whether CVE-2025-14847 has been used in targeted attacks.
  • Technical Details Regarding Internet Exploitability: CVE-2025-14847 allows a remote, unauthenticated attacker to trigger a condition in which the MongoDB server may return uninitialized memory from its heap [1].

Users are advised to update to MongoDB versions 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, and 4.4.30. Patches for MongoDB Atlas have been applied [2].

Sources

  1. New MongoDB Flaw Lets Unauthenticated Attackers Read...

    "CVE-2025-14847 allows a remote, unauthenticated attacker to trigger a condition in which the MongoDB server may return uninitialized memory from its heap," OP Innovate said. "This could result in the disclosure of sensitive in-memory data, including internal state information, pointers, or other da…

  2. MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide

    Successful exploitation of the shortcoming could allow an attacker to extract sensitive information from MongoDB servers, including user information, passwords, and API keys. This includes both internet-exposed and internal resources. The exact details surrounding the nature of attacks exploiting the…

  3. Vulnerability Summary for the Week of December 15, 2025 | CISA

    Successful exploitation of the vulnerability could allow an attacker with local network access to send a specially crafted URL to access certain administration functions without login credentials.

  4. CISA Adds One Known Exploited Vulnerability to Catalog

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-14847…