{"id":"CVE-2025-14847","summary":"Zlib compressed protocol header length confusion may allow memory read","details":"Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 versions prior to 7.0.28, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.","aliases":["BIT-mongodb-2025-14847"],"modified":"2026-05-24T06:00:19.744299Z","published":"2025-12-19T11:00:22.465Z","related":["CGA-r8x7-2648-724g"],"database_specific":{"cwe_ids":["CWE-130"],"unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"8.2"},{"fixed":"8.2.3"},{"introduced":"8.0"},{"fixed":"8.0.17"},{"introduced":"7.0"},{"fixed":"7.0.28"},{"introduced":"6.0"},{"fixed":"6.0.27"},{"introduced":"5.0"},{"fixed":"5.0.32"},{"introduced":"4.4"},{"fixed":"4.4.30"},{"last_affected":"4.2"},{"last_affected":"4.0"},{"last_affected":"3.6"}]}],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/14xxx/CVE-2025-14847.json","cna_assigner":"mongodb"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/12/29/21"},{"type":"WEB","url":"https://jira.mongodb.org/browse/SERVER-115508"},{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14847"},{"type":"WEB","url":"https://www.smartkeyss.com/post/mongobleed-pre-auth-memory-disclosure-via-op_compressed-in-mongodb-cve-2025-14847"},{"type":"WEB","url":"https://www.vicarius.io/vsociety/posts/cve-2025-14847-detection-script-heap-memory-exposure-in-mongodb-server"},{"type":
"WEB","url":"https://www.vicarius.io/vsociety/posts/cve-2025-14847-mitigation-script-heap-memory-exposure-in-mongodb-server"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/14xxx/CVE-2025-14847.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14847"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mongodb/mongo","events":[{"introduced":"a57d8e71e6998a2d0afde7edc11bd23e5661c915"},{"fixed":"1ae4c9990dbc5711f3500748f0c3f8b5d375d8c0"},{"introduced":"1184f004a99660de6f5e745573419bda8a28c0e9"},{"fixed":"1c23b749ffbe99573fd065904a0a87368c1c6523"},{"introduced":"e61bf27c2f6a83fed36e5a13c008a32d563babe2"},{"fixed":"2884bcf91236785867396e7916eeb873c59f84cd"},{"introduced":"37d84072b5c5b9fd723db5fa133fb202ad2317f1"},{"fixed":"5393ef6c933e57093d11f704e611195301a967dd"},{"introduced":"b41cda4fe697dce6fd9b83b3805362ccc02fbeb3"},{"fixed":"fe4a0b8cf49fd664128bcf668c046292c8e8eb80"},{"introduced":"b993867dce63dd366cd93e60f3f425ed716f6497"},{"fixed":"029d8f99bf1e828b5327946b9c820bf493f466f1"}],"database_specific":{"source":"CPE_FIELD","cpe":["cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*"],"extracted_events":[{"introduced":"3.6.0"},{"fixed":"4.4.30"},{"introduced":"5.0.0"},{"fixed":"5.0.32"},{"introduced":"6.0.0"},{"fixed":"6.0.27"},{"introduced":"7.0.0"},{"fixed":"7.0.28"},{"introduced":"8.0.0"},{"fixed":"8.0.17"},{"introduced":"8.2.0"},{"fixed":"8.2.3"}]}}],"versions":["r8.0.17-alpha0","r8.0.16-rc1","r8.0.16","r7.0.27-alpha0","r7.0.26-rc0","r7.0.26","r8.2.3-alpha0","r8.2.2-rc0","r8.2.2","r8.0.16-rc0","r8.0.14-rc1","r8.0.14","r7.0.24-rc0","r7.0.24","r8.2.1-rc1","r8.2.1","r8.2.1-rc0","r6.0.26-rc0","r6.0.26","r7.0.25-alpha0","r8.0.14-rc0","r8.2.0","r8.0.13-rc2","r8.0.13","r6.0.25-rc0","r6.0.25","r8.0.13-rc1","r8.0.13-rc0","r7.0.23-rc1","r7.0.23","r7.0.23-rc0","r7.0.22-rc0","r7.0.22","r8.0.12-rc0","r8.0.12","r8.0.10-rc0","r8.0.10","r6.0.24-rc0","r6.0.24","r7.0.21-rc
0","r7.0.21","r6.0.24-alpha0","r7.0.21-alpha0","r7.0.18","r6.0.21","r8.0.6","r7.0.17","r8.0.5-rc2","r8.0.5","r8.0.5-rc1","r8.0.5-rc0","r5.0.31-rc1","r5.0.31","r5.0.31-rc0","r6.0.20-rc3","r6.0.20","r6.0.20-rc2","r6.0.20-rc1","r6.0.20-rc0","r7.0.16-rc1","r7.0.16-rc0","r7.0.16","r8.0.4-rc0","r8.0.4","r6.0.19","r5.0.30","r7.0.15","r8.0.3","r8.0.2","r7.0.15-rc1","r7.0.15-rc0","r8.0.1-rc0","r8.0.1","r8.0.0","r6.0.18-rc0","r6.0.18","r5.0.29-rc0","r5.0.29","r7.0.14-rc0","r7.0.14","r7.0.13-rc1","r7.0.13","r6.0.17-rc0","r6.0.17","r7.0.13-rc0","r5.0.28-rc0","r5.0.28","r7.0.12-rc1","r7.0.12","r7.0.12-rc0","r6.0.16-rc0","r6.0.16","r5.0.27-rc0","r5.0.27","r7.0.11-rc2","r7.0.11","r7.0.11-rc1","r7.0.11-rc0","r7.0.10-rc0","r7.0.10","r7.0.9-rc1","r7.0.9","r7.0.9-rc0","r6.0.15-rc0","r6.0.15","r7.0.8-rc0","r7.0.8","r5.0.26-rc0","r5.0.26","r7.0.7-rc2","r7.0.7","r7.0.7-rc1","r7.0.7-rc0","r5.0.25-rc0","r5.0.25","r6.0.14-rc1","r6.0.14","r7.0.6-rc0","r7.0.6","r6.0.14-rc0","r5.0.24-rc0","r5.0.24","r6.0.13-rc0","r6.0.13","r7.0.5-rc0","r7.0.5","r6.0.12-rc1","r6.0.12","r5.0.23-rc0","r5.0.23","r7.0.4-rc0","r7.0.4","r6.0.12-rc0","r5.0.22-rc1","r5.0.22","r7.0.3-rc1","r7.0.3","r7.0.3-rc0","r5.0.22-rc0","r6.0.11-rc0","r6.0.11","r7.0.2-rc2","r7.0.2","r7.0.2-rc1","r7.0.2-rc0","r5.0.21-rc0","r5.0.21","r6.0.10-rc0","r6.0.10","r7.0.1-rc0","r7.0.1","r7.0.0","r6.0.9-rc1","r6.0.9","r5.0.20-rc1","r5.0.20","r5.0.20-rc0","r6.0.9-rc0","r5.0.19-rc0","r5.0.19","r6.0.8-rc0","r6.0.8","r6.0.7-rc0","r6.0.7","r5.0.18-rc2","r5.0.18","r5.0.18-rc1","r5.0.18-rc0","r6.0.6-rc1","r6.0.6","r6.0.6-rc0","r5.0.17-rc0","r5.0.17","r5.0.16-rc0","r5.0.16","r6.0.5-rc1","r6.0.5","r6.0.5-rc0","r6.0.4-rc1","r5.0.15-rc2","r5.0.15","r5.0.15-rc1","r5.0.15-rc0","r6.0.4-rc0","r6.0.4","r5.0.14-rc0","r5.0.14","r6.0.3-rc2","r6.0.3-rc1","r6.0.3","r6.0.3-rc0","r6.0.2-rc1","r6.0.2","r5.0.13-rc0","r5.0.13","r5.0.12-rc0","r5.0.12","r6.0.2-rc0","r5.0.11-rc1","r5.0.11","r5.0.11-rc0","r6.0.1-rc0","r6.0.1","r5.0.10-rc0","r5.0.10","r6.0.0","r5.0.9-rc1","
r5.0.9","r5.0.9-rc0","r5.0.8-rc0","r5.0.8","r5.0.7-rc1","r5.0.7","r5.0.7-rc0","r5.0.6-rc2","r5.0.6","r5.0.6-rc1","r5.0.6-rc0","r5.0.5-rc0","r5.0.5","r5.0.4-rc0","r5.0.4","r5.0.3-rc2","r5.0.3","r5.0.3-rc1","r5.0.3-rc0","r5.0.2-rc0","r5.0.2","r5.0.1-rc0","r5.0.1","r5.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-14847.json","vanir_signatures":[{"deprecated":false,"signature_version":"v1","id":"CVE-2025-14847-13884a8b","digest":{"length":490,"function_hash":"44539952122951193820189895803505653784"},"signature_type":"Function","target":{"function":"ZlibMessageCompressor::decompressData","file":"src/mongo/transport/message_compressor_zlib.cpp"},"source":"https://github.com/mongodb/mongo/commit/fe4a0b8cf49fd664128bcf668c046292c8e8eb80"},{"deprecated":false,"signature_version":"v1","id":"CVE-2025-14847-2672476e","digest":{"threshold":0.9,"line_hashes":["211077663858312802762630252894462912840","108728768873483154284341851081759426662","7538840824503348162464178445371897847","142796457045306062584193826862728233526"]},"signature_type":"Line","target":{"file":"src/mongo/transport/message_compressor_zlib.cpp"},"source":"https://github.com/mongodb/mongo/commit/fe4a0b8cf49fd664128bcf668c046292c8e8eb80"},{"deprecated":false,"signature_version":"v1","id":"CVE-2025-14847-2c754b74","digest":{"length":490,"function_hash":"44539952122951193820189895803505653784"},"signature_type":"Function","target":{"function":"ZlibMessageCompressor::decompressData","file":"src/mongo/transport/message_compressor_zlib.cpp"},"source":"https://github.com/mongodb/mongo/commit/029d8f99bf1e828b5327946b9c820bf493f466f1"},{"deprecated":false,"signature_version":"v1","id":"CVE-2025-14847-3e211a73","digest":{"threshold":0.9,"line_hashes":["211077663858312802762630252894462912840","108728768873483154284341851081759426662","7538840824503348162464178445371897847","142796457045306062584193826862728233526"]},"signature_type":"Line","target":{"fi
le":"src/mongo/transport/message_compressor_zlib.cpp"},"source":"https://github.com/mongodb/mongo/commit/5393ef6c933e57093d11f704e611195301a967dd"},{"deprecated":false,"signature_version":"v1","id":"CVE-2025-14847-4ebe53be","digest":{"threshold":0.9,"line_hashes":["223578843072983623210289619587567631381","288184508368085275043734472693346273551","313704369924452525807126154127698479273","27538339864533392307620662921615754536","86944101300784522366181838095985448845","52643030315872368518429516134699151301"]},"signature_type":"Line","target":{"file":"src/mongo/transport/message_compressor_manager_test.cpp"},"source":"https://github.com/mongodb/mongo/commit/029d8f99bf1e828b5327946b9c820bf493f466f1"},{"deprecated":false,"signature_version":"v1","id":"CVE-2025-14847-659ff257","digest":{"threshold":0.9,"line_hashes":["223578843072983623210289619587567631381","288184508368085275043734472693346273551","313704369924452525807126154127698479273","27538339864533392307620662921615754536","86944101300784522366181838095985448845","52643030315872368518429516134699151301"]},"signature_type":"Line","target":{"file":"src/mongo/transport/message_compressor_manager_test.cpp"},"source":"https://github.com/mongodb/mongo/commit/5393ef6c933e57093d11f704e611195301a967dd"},{"deprecated":false,"signature_version":"v1","id":"CVE-2025-14847-88c29d34","digest":{"threshold":0.9,"line_hashes":["223578843072983623210289619587567631381","288184508368085275043734472693346273551","313704369924452525807126154127698479273","27538339864533392307620662921615754536","86944101300784522366181838095985448845","52643030315872368518429516134699151301"]},"signature_type":"Line","target":{"file":"src/mongo/transport/message_compressor_manager_test.cpp"},"source":"https://github.com/mongodb/mongo/commit/fe4a0b8cf49fd664128bcf668c046292c8e8eb80"},{"deprecated":false,"signature_version":"v1","id":"CVE-2025-14847-cf2dd3d4","digest":{"threshold":0.9,"line_hashes":["211077663858312802762630252894462912840","108728768
873483154284341851081759426662","7538840824503348162464178445371897847","142796457045306062584193826862728233526"]},"signature_type":"Line","target":{"file":"src/mongo/transport/message_compressor_zlib.cpp"},"source":"https://github.com/mongodb/mongo/commit/029d8f99bf1e828b5327946b9c820bf493f466f1"},{"deprecated":false,"signature_version":"v1","id":"CVE-2025-14847-e9764b4c","digest":{"length":490,"function_hash":"44539952122951193820189895803505653784"},"signature_type":"Function","target":{"function":"ZlibMessageCompressor::decompressData","file":"src/mongo/transport/message_compressor_zlib.cpp"},"source":"https://github.com/mongodb/mongo/commit/5393ef6c933e57093d11f704e611195301a967dd"}],"vanir_signatures_modified":"2026-05-24T06:00:19Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}]}