A critical security flaw in MongoDB (CVE-2025-14847) lets unauthenticated attackers read uninitialized heap memory: when a zlib-compressed wire-protocol message declares a larger uncompressed length than its payload actually inflates to, the server trusts the declared length rather than the number of bytes zlib produced, and the never-written remainder of the buffer is leaked from the heap. Users are urged to upgrade to a fixed release or to disable zlib compression to mitigate the risk. #MongoDB #CVE-2025-14847
Keypoints
- The vulnerability affects MongoDB releases from 3.6 up to and including 8.2.2; 8.2.3 is the first fixed release on that branch.
- CVE-2025-14847 is an improper handling of length parameter inconsistency: the uncompressed-length field carried with a zlib-compressed message is not checked against the number of bytes the zlib stream actually decompresses to.
- Exploitation requires no authentication, so any client that can reach the MongoDB listener can trigger the disclosure of uninitialized heap memory.
- MongoDB has released fixed versions, including 8.2.3 and 8.0.17, with corresponding fixes on the other supported branches.
- Upgrading is the fix; where that is not immediately possible, remove zlib from the compressors the server accepts (the `net.compression.compressors` setting, or `--networkMessageCompressors` on the command line, set to e.g. `snappy,zstd`) so clients cannot negotiate it.
Read More: https://thehackernews.com/2025/12/new-mongodb-flaw-lets-unauthenticated.html