MongoDB Server improper length parameter handling RCE (CVE-2025-14847)
Vulnerability
Summary
MongoDB warned admins to immediately patch CVE-2025-14847, a high-severity RCE flaw affecting vulnerable MongoDB Server versions. The weakness can be abused by unauthenticated attackers in low-complexity attacks without user interaction, raising the risk of arbitrary code execution on exposed servers. MongoDB said admins should move to fixed releases or disable zlib compression until they can upgrade.
Related Happenings
Automated extortion campaign targeting exposed MongoDB instances
Campaign
First: 01.02.2026 18:27
Last: 01.02.2026 18:27
Sources: 1
About this happening:
A **threat actor** is running an **active extortion campaign** against **exposed MongoDB instances**, compromising roughly **1,400 servers** and leaving ransom notes to pressure o...
CISA orders FCEB patching for MongoBleed
Public Sector Action
First: 30.12.2025 16:40
Last: 30.12.2025 16:40
Sources: 1
How related:
CISA has now confirmed Wiz's report and has added the MongoBleed security flaw to its list of vulnerabilities exploited in attacks, ordering Federal Civilian Executive Branch (FCEB) agencies to patch their systems within three weeks, by January 19, 2026.
About this happening:
**CISA** ordered **FCEB agencies** to patch **CVE-2025-14847** after confirming it was **actively exploited** in attacks, creating an urgent remediation requirement for federal sy...
MongoDB CVE-2025-14847 active exploitation worldwide
Exploitation Wave
First: 29.12.2025 09:49
Last: 29.12.2025 09:49
Sources: 1
How related:
A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world.
About this happening:
**CVE-2025-14847** is being **actively exploited** against **MongoDB** deployments, putting a global pool of **87,000+** potentially susceptible instances at risk. The wave matter...
MongoDB Server CVE-2025-14847 mitigation advisory
Advisory/Mitigation
First: 24.12.2025 16:18
Last: 24.12.2025 16:18
Sources: 1
How related:
MongoDB addressed the MongoBleed vulnerability ten days ago, with a strong recommendation for administrators to upgrade to a safe release (8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, or 4.4.30).
About this happening:
MongoDB issued an **immediate mitigation advisory** for **CVE-2025-14847**, warning that **MongoDB Server** deployments face a **high-severity memory-read flaw** that **unauthenti...
Timeline
- 30.12.2025 16:40 · 1 article
CISA orders FCEB patching for MongoBleed
Legal Policy Action Update: CISA confirmed Wiz's report that CVE-2025-14847, also called MongoBleed, is being exploited in attacks and added the flaw to its list of vulnerabilities exploited in attacks. The agency ordered Federal Civilian Executive Branch agencies to patch affected MongoDB systems within three weeks, by January 19, 2026, and told defenders to disable zlib compression if they cannot apply fixes immediately.
Sources:
- CISA orders feds to patch MongoBleed flaw exploited in attacks — www.bleepingcomputer.com — 30.12.2025 16:40
- 27.12.2025 09:52 · 1 article
MongoDB discloses CVE-2025-14847
Initial Disclosure: MongoDB discloses CVE-2025-14847, a high-severity flaw in MongoDB Server's handling of zlib-compressed protocol headers that can let an unauthenticated client read uninitialized heap memory and potentially expose sensitive in-memory data such as internal state information or pointers.
Sources:
- New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory — thehackernews.com — 27.12.2025 09:52
- 27.12.2025 09:52 · 1 article
MongoDB releases fixed versions and workaround for CVE-2025-14847
Mitigation Patch Update: MongoDB addresses CVE-2025-14847 in MongoDB versions 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, and 4.4.30, and advises operators who cannot upgrade immediately to disable zlib compression on mongod or mongos by setting the networkMessageCompressors or net.compression.compressors option to a list that omits zlib; MongoDB also notes that snappy and zstd remain supported.
Sources:
- New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory — thehackernews.com — 27.12.2025 09:52
- 24.12.2025 16:18 · 1 article
MongoDB warns on CVE-2025-14847 remote code execution flaw
Initial Disclosure: MongoDB warned administrators to immediately patch CVE-2025-14847, a high-severity remote code execution flaw affecting multiple MongoDB and MongoDB Server versions, including MongoDB 8.2.0 through 8.2.3, 8.0.0 through 8.0.16, 7.0.0 through 7.0.26, 6.0.0 through 6.0.26, 5.0.0 through 5.0.31, 4.4.0 through 4.4.29, and all MongoDB Server v4.2, v4.0, and v3.6 versions. The flaw can be exploited by unauthenticated attackers in low-complexity attacks without user interaction; the recommended mitigation is upgrading to MongoDB 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, or 4.4.30, or disabling zlib compression.
Sources:
- MongoDB warns admins to patch severe RCE flaw immediately — www.bleepingcomputer.com — 24.12.2025 16:18
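A small triage helper for the two remediation checks the timeline describes: whether a running MongoDB Server version is below the fixed release for its branch, and whether the configured compressor list (net.compression.compressors / networkMessageCompressors) still enables zlib. This is an added example, not MongoDB's own tooling; it assumes the fixed releases listed above are themselves patched, conservatively treats every release below the fixed one as affected, and assumes MongoDB's default compressor list is snappy,zstd,zlib.

```python
"""Triage helper for CVE-2025-14847 (MongoBleed). Added example, not MongoDB code."""

# Fixed releases from the advisory, keyed by major.minor branch.
FIXED = {"8.2": "8.2.3", "8.0": "8.0.17", "7.0": "7.0.28",
         "6.0": "6.0.27", "5.0": "5.0.32", "4.4": "4.4.30"}
# Branches the advisory lists as affected in every release, with no fixed build.
NO_FIX_BRANCHES = ("4.2", "4.0", "3.6")
# Assumption: MongoDB's default network compressor list when none is configured.
DEFAULT_COMPRESSORS = "snappy,zstd,zlib"


def _parse(version):
    """'7.0.26' or '8.0.17-rc0' -> (7, 0, 26) / (8, 0, 17)."""
    return tuple(int(p) for p in version.split("-")[0].split("."))


def assess_version(version):
    """Return (vulnerable, fixed_release_or_advice) for a server version string."""
    v = _parse(version)
    branch = f"{v[0]}.{v[1]}"
    if branch in NO_FIX_BRANCHES:
        return True, "no fixed release on this branch; upgrade to a supported branch"
    fixed = FIXED.get(branch)
    if fixed is None:
        return False, None  # branch not named in the advisory
    # Conservative: anything below the fixed release is treated as affected.
    return v < _parse(fixed), fixed


def zlib_enabled(compressors):
    """True if zlib is in the configured list (or in the default when unset)."""
    value = DEFAULT_COMPRESSORS if compressors is None else compressors
    names = [c.strip().lower() for c in value.split(",") if c.strip()]
    return "zlib" in names


def harden_compressors(compressors):
    """Return the same list with zlib removed; 'disabled' if nothing remains.

    'disabled' is MongoDB's documented value for turning network compression off."""
    value = DEFAULT_COMPRESSORS if compressors is None else compressors
    kept = [c.strip() for c in value.split(",") if c.strip() and c.strip().lower() != "zlib"]
    return ",".join(kept) if kept else "disabled"


if __name__ == "__main__":
    # Constructed sample: the weak setting beside its hardened replacement.
    for ver, comp in [("7.0.26", "snappy,zstd,zlib"), ("8.0.17", None), ("4.2.24", "zlib")]:
        vuln, fix = assess_version(ver)
        print(ver, "vulnerable" if vuln else "fixed", fix,
              "| zlib on" if zlib_enabled(comp) else "| zlib off", "->", harden_compressors(comp))
```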