Cyber Security News

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory

CybersecurityNews
New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory

A critical security flaw in MongoDB (CVE-2025-14847) allows unauthenticated attackers to read uninitialized heap memory through mismatched length fields in Zlib headers. Users are urged to update to secure versions or disable Zlib compression to mitigate the risk. #MongoDB #CVE-2025-14847

Keypoints

  • The vulnerability affects multiple MongoDB versions from 3.6 to 8.2.3.
  • CVE-2025-14847 involves improper handling of length parameter inconsistency in Zlib headers.
  • Exploiting this flaw can lead to disclosure of uninitialized heap memory without authentication.
  • MongoDB has released fixed versions, including 8.2.3, 8.0.17, and others, to address the issue.
  • Disabling Zlib compression or upgrading MongoDB is recommended for mitigation.

Read More: https://thehackernews.com/2025/12/new-mongodb-flaw-lets-unauthenticated.html