MongoDB Product Security Update Advisory (CVE-2025-14847)


Overview

 

We have released security updates to fix vulnerabilities in MongoDB products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-14847

 

MongoDB version: 8.2.0 or later and earlier than 8.2.3
MongoDB version: 8.0.0 or later and 8.0.16 or earlier
MongoDB version: 7.0.0 or later and 7.0.26 or earlier
MongoDB version: 6.0.0 or later and 6.0.26 or earlier
MongoDB version: 5.0.0 or later and 5.0.31 or earlier
MongoDB version: 4.4.0 or later and 4.4.29 or earlier
MongoDB Server version: all 4.2 versions
MongoDB Server version: all 4.0 versions
MongoDB Server version: all 3.6 versions

 

 

Resolved Vulnerabilities

 

Information exposure of uninitialized heap memory in an unauthenticated context, caused by an error in the zlib implementation in MongoDB products (CVE-2025-14847)

 

 

Vulnerability Patches

Patches for the vulnerability are available in the latest updates. Follow the instructions on the sites listed under References to update to the latest patched version.

 

CVE-2025-14847

 

MongoDB version: 8.2.3
MongoDB version: 8.0.17
MongoDB version: 7.0.28
MongoDB version: 6.0.27
MongoDB version: 5.0.32
MongoDB version: 4.4.30
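
The two version lists above can be applied to a server inventory as follows. This is an added example, not code from MongoDB or from the advisory; it reads each affected range as ending at the listed upper bound, and the host names and the status labels are assumptions made for illustration. A release that falls between the affected list and the patched list (such as 7.0.27) is reported as not listed rather than guessed at.

```python
import re

# Transcribed from this advisory: series -> (last affected release, fixed release).
PATCHED_SERIES = {
    (8, 2): ((8, 2, 2), (8, 2, 3)),
    (8, 0): ((8, 0, 16), (8, 0, 17)),
    (7, 0): ((7, 0, 26), (7, 0, 28)),
    (6, 0): ((6, 0, 26), (6, 0, 27)),
    (5, 0): ((5, 0, 31), (5, 0, 32)),
    (4, 4): ((4, 4, 29), (4, 4, 30)),
}
# Every release affected, and no fixed release listed in the advisory.
UNPATCHED_SERIES = {(4, 2), (4, 0), (3, 6)}


def parse_version(text):
    """Extract (major, minor, patch) from '7.0.26' or 'db version v7.0.26'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(part) for part in m.groups())


def triage(version_text):
    """Return (status, fixed_release) for one server version string."""
    v = parse_version(version_text)
    series = v[:2]
    if series in UNPATCHED_SERIES:
        return ("affected", None)
    if series not in PATCHED_SERIES:
        return ("not-listed", None)
    last_affected, fixed = PATCHED_SERIES[series]
    fixed_text = ".".join(map(str, fixed))
    if v <= last_affected:
        return ("affected", fixed_text)
    if v >= fixed:
        return ("patched", fixed_text)
    # Falls between the two lists (e.g. 7.0.27): the advisory does not classify it.
    return ("not-listed", fixed_text)


def triage_inventory(inventory):
    """Map host -> triage result; an unparseable version raises ValueError."""
    return {host: triage(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory; host names and versions are illustrative only.
    sample = {"db-a": "db version v7.0.26", "db-b": "7.0.27", "db-c": "8.0.17", "db-d": "4.2.24"}
    for host, (status, fixed) in triage_inventory(sample).items():
        print(f"{host}: {status}, advisory fix: {fixed or 'none listed'}")
```

Hosts reported as affected with no fix listed are on the 4.2, 4.0 or 3.6 series, for which the advisory names no patched release.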

 

 

References

 

[1] Make minimally sized buffers for uncompressed Messages
https://jira.mongodb.org/browse/SERVER-115508