Vulnerability CVE-2025-14847 Poses Significant Risk to MongoDB Users Worldwide


By Tina Reynolds


Security specialists, including TurnKey era CTO Jason DeCew, are warning that a significant new vulnerability, labeled CVE-2025-14847 and carrying a CVSS score of 8.7, was recently discovered. The vulnerability allows unauthenticated remote attackers to leak sensitive data, including environment variables, from the memory of MongoDB servers. The issue stems from the way MongoDB Server implements message decompression, specifically in the decompressor located in “message_compressor_zlib.cpp.”

The flaw is under active exploitation around the world. Just as importantly, researchers found more than 87,000 publicly accessible MongoDB instances that are likely vulnerable. Security researchers Merav Bar and Amitai Cohen have been instrumental in sounding the alarm about this vulnerability, focusing on the danger it poses across hybrid and multi-cloud environments.

Scope of the Vulnerability

Reports state that CVE-2025-14847 threatens both internet-exposed and internal resources, which makes the threat more versatile. A staggering 42% of cloud environments currently host at least one MongoDB instance running a version vulnerable to this exploit.

The vulnerability exists because attackers can exploit inconsistencies in how the length parameter is handled in zlib-compressed protocol headers. This can result in information leakage from improperly handled buffers.

“MongoDB Server contains an improper handling of length parameter inconsistency vulnerability in zlib compressed protocol headers,” – CISA

Exploitation Details

Attackers are employing new techniques that researchers do not yet fully understand. The researchers caution that this vulnerability could eventually let attackers break in and steal sensitive data.

“Although the attacker might need to send a large amount of requests to gather the full database, and some data might be meaningless, the more time an attacker has, the more information could be gathered,” – OX Security

Furthermore, OX Security stated, “A flaw in zlib compression allows attackers to trigger information leakage.” This underlines the urgency for MongoDB users, who need to act now.

Recommendations for Users

To address the risk posed by CVE-2025-14847, we recommend that all users upgrade their installations to patched versions. MongoDB has published patches for the affected release branches: 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, and 4.4.30. MongoDB applied the patches to MongoDB Atlas ahead of the public disclosure, so those fixes are already live in Atlas.
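As an added check (not from the article or from MongoDB), the following script compares a reported server version string against the patched releases listed above and flags anything older; the function names and the sample version banners are constructed for illustration.

```python
"""Version check for CVE-2025-14847 against the fixed releases the
article lists. Added example; not the article's or MongoDB's tooling."""
import re
from typing import Optional, Tuple

# Patched releases named in the article, keyed by (major, minor) branch.
FIXED_VERSIONS = {
    (8, 2): (8, 2, 3),
    (8, 0): (8, 0, 17),
    (7, 0): (7, 0, 28),
    (6, 0): (6, 0, 27),
    (5, 0): (5, 0, 32),
    (4, 4): (4, 4, 30),
}

# Matches '7.0.27', 'v8.0.17', '8.2.3-rc0' or 'db version v6.0.26'.
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?")

def parse_version(text: str) -> Tuple[int, int, int, bool]:
    """Return (major, minor, patch, is_prerelease); raise if none found."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no version number found in {text!r}")
    return int(m[1]), int(m[2]), int(m[3]), m[4] is not None

def is_patched(text: str) -> Optional[bool]:
    """True if at/above the fixed release on its branch, False if older,
    None if the branch is not one the article lists a patch for."""
    major, minor, patch, prerelease = parse_version(text)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        return None
    # A pre-release build such as 8.2.3-rc0 predates the final 8.2.3.
    if (major, minor, patch) == fixed and prerelease:
        return False
    return (major, minor, patch) >= fixed

def classify(text: str) -> str:
    """One-line verdict suitable for an inventory report."""
    status = is_patched(text)
    if status is None:
        return "unknown branch (no fix listed; treat as unsupported)"
    return "patched" if status else "VULNERABLE - upgrade"

if __name__ == "__main__":
    # Constructed sample banners, as `mongod --version` would print them.
    for banner in ("db version v7.0.27", "db version v8.0.17", "v4.2.25"):
        print(f"{banner:22} -> {classify(banner)}")
```

Branches the article lists no fix for (such as 4.2) are deliberately reported as unknown rather than safe, since an unsupported line cannot be assumed to have received the patch.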

In short, the ongoing exploitation of this vulnerability represents a critical risk. Every organization that uses MongoDB needs to act quickly to ensure it is running the latest software versions to protect the integrity and security of its data.