MongoDB Server CVE-2025-14847 mitigation advisory
Advisory/Mitigation
Summary
MongoDB issued an immediate mitigation advisory for CVE-2025-14847, warning that MongoDB Server deployments face a high-severity memory-read flaw that unauthenticated attackers may abuse remotely. Administrators are told to upgrade immediately to fixed releases or, if patching is delayed, disable zlib compression to reduce exposure. The advisory covers multiple MongoDB and MongoDB Server version lines, making the guidance relevant to widely deployed instances. The issue matters because it can expose uninitialized heap memory through the server's zlib implementation.
Timeline
- 24.12.2025 16:18, 2 articles
MongoDB issues immediate patch advisory for CVE-2025-14847
Initial Disclosure
MongoDB warned administrators to immediately patch CVE-2025-14847, a high-severity memory-read vulnerability affecting multiple MongoDB and MongoDB Server versions. The flaw can be abused remotely by unauthenticated attackers in low-complexity attacks without user interaction through the server's zlib implementation, which may return uninitialized heap memory. Administrators were told to upgrade to MongoDB 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, or 4.4.30, or disable zlib compression on mongod or mongos if patching is delayed.
Sources
- MongoDB warns admins to patch severe vulnerability immediately — www.bleepingcomputer.com — 24.12.2025 16:18
- CISA orders feds to patch MongoBleed flaw exploited in attacks — www.bleepingcomputer.com — 30.12.2025 16:40
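
One way to triage a fleet against the guidance above, added here as an example and not taken from MongoDB's advisory: it compares each reported server version with the fixed release of its series and checks whether zlib is among the configured network compressors (the value of `net.compression.compressors`). Host names and the inventory are constructed; treating an unset compressor list as zlib-enabled, and every build below the fixed release as needing the upgrade, are assumptions.

```python
import re

# Fixed releases as listed in the timeline entry on this page, keyed by release series.
FIXED = {(8, 2): (8, 2, 3), (8, 0): (8, 0, 17), (7, 0): (7, 0, 28),
         (6, 0): (6, 0, 27), (5, 0): (5, 0, 32), (4, 4): (4, 4, 30)}

def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) for '7.0.14' or 'v6.0.27-rc0'."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)(-\S+)?$", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g) for g in m.groups()[:3]), m.group(4) is not None

def zlib_enabled(compressors):
    """compressors: comma-separated setting value, or None when not set explicitly."""
    if compressors is None:
        return True  # assumption: an unset list falls back to a default that includes zlib
    return "zlib" in {c.strip().lower() for c in compressors.split(",")}

def triage(version, compressors):
    v, prerelease = parse_version(version)
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return "unknown-series"  # the page lists no fixed release for this series
    # A release candidate of the fixed version is not counted as the fixed build.
    if v > fixed or (v == fixed and not prerelease):
        return "patched"
    # Below the fixed release: the interim mitigation is zlib compression turned off.
    return "upgrade-now" if zlib_enabled(compressors) else "mitigated-upgrade-pending"

# Constructed inventory: (host, reported version, compressor setting or None).
INVENTORY = [
    ("db-a", "7.0.14", None),
    ("db-b", "7.0.14", "snappy,zstd"),
    ("db-c", "8.0.17", "snappy,zstd,zlib"),
    ("db-d", "4.2.24", None),
]

def report(inventory):
    return {host: triage(version, comp) for host, version, comp in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```
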