CISA has added a essential MongoDB Server vulnerability to its Recognized Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively exploited in cyberattacks.
CVE-2025-14847 impacts MongoDB Server and permits unauthenticated attackers to learn uninitialized heap reminiscence as a consequence of an inconsistency within the dealing with of the size parameter in Zlib-compressed protocol headers.
AttributeDetailsCVE IDCVE-2025-14847Affected ProductMongoDB and MongoDB ServerVulnerability TypeImproper Dealing with of Size Parameter InconsistencyRelated CWECWE-130Attack VectorUnauthenticated shopper accessImpactRead uninitialized heap reminiscence
The vulnerability poses a major danger because it requires no authentication, enabling distant attackers to entry delicate knowledge saved in reminiscence with out legitimate credentials.
CISA added the vulnerability to the KEV catalog on December 29, 2025, confirming energetic exploitation within the wild.
Federal companies have till January 19, 2026, to implement mitigations or discontinue use of affected merchandise, per the company’s Binding Operational Directive (BOD) 22-01.
Organizations utilizing the MongoDB Server ought to instantly apply safety patches supplied by MongoDB to deal with this vulnerability.
The flaw is classed underneath CWE-130 (Improper Dealing with of Size Parameter Inconsistency), a weak point that may result in reminiscence corruption and data disclosure.
Whereas it stays unknown whether or not CVE-2025-14847 has been utilized in ransomware campaigns, the energetic exploitation makes it a precedence for safety groups.
CISA recommends that organizations apply vendor patches, comply with BOD 22-01 steerage for cloud companies, or discontinue product use if mitigations are unavailable.
The vulnerability’s inclusion within the KEV catalog alerts that risk actors are actively focusing on MongoDB deployments.
Safety specialists warn that unpatched servers might enable attackers to extract delicate data from reminiscence, doubtlessly resulting in knowledge breaches or additional compromise of enterprise networks.
Organizations ought to prioritize patching MongoDB servers and monitoring for suspicious exercise associated to this vulnerability.
Comply with us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to function your tales.
