MongoDB Known Exploited Vulnerability - 20251230001

Overview

A vulnerability has been identified in MongoDB Server, where improper handling of zlib-compressed protocol headers can allow unauthenticated remote attackers to read uninitialized heap memory and potentially expose sensitive information.

What is vulnerable?

Product(s) Affected	Version(s)	CVE	CVSS	Severity
MongoDB Server	Vendor listed affected versions	CVE-2025-14847	8.7	High

What has been observed?

CISA has added one or more of the above mentioned vulnerabilities to their Known Exploited Vulnerability catalog. The WASOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.

Recommendation

The WASOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer Patch Management):

• MongoDB: https://jira.mongodb.org/browse/SERVER-115508

Additional References

• CISA: https://www.cisa.gov/news-events/alerts/2025/12/29/cisa-adds-one-known-exploited-vulnerability-catalog
• Tenable https://www.tenable.com/cve/CVE-2025-14847