MongoDB has disclosed a critical security vulnerability in MongoDB Server, tracked as CVE-2025-14847. The flaw carries a CVSS score of 8.7 (high severity). It allows an unauthenticated attacker to read and exfiltrate sensitive data directly from the server's memory.
The vulnerability stems from how the server handles zlib-compressed messages. A malicious client can abuse the decompression path to retrieve uninitialized heap memory: by sending a specially crafted request, the attacker tricks the server into responding with chunks of its own internal memory. Because uninitialized heap memory is whatever earlier allocations left behind, the attacker does not choose what comes back; the contents vary with the server's recent activity, and repeated requests can harvest different fragments.
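The following C program is an added illustration of the bug class the article describes; it is not MongoDB's code and is not taken from the advisory. It shows the general pattern behind an uninitialized-heap disclosure in a decompression handler, and goes one step beyond the article by placing the hardened form beside the vulnerable one: a response buffer is sized from a length the client declares, the decoder fills only part of it, and the vulnerable handler returns the whole buffer while the checked handler rejects the mismatch. The message layout (`declared_len`, `body`), the handler names, and the toy run-length decoder standing in for zlib's `inflate()` (so the file builds without libz) are all assumptions made for this example; the page does not describe MongoDB's actual wire format or code path.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed shape of a compressed request: a header field declares the
 * uncompressed length and a compressed body follows. The field names are
 * assumptions for this example, not MongoDB's wire format. */
typedef struct {
    uint32_t declared_len;   /* client-controlled "uncompressed size" */
    const uint8_t *body;     /* compressed payload */
    size_t body_len;
} compressed_msg;

/* Toy decoder standing in for zlib inflate(): the body is (count, byte)
 * pairs, each expanding to `count` copies of `byte`. Like inflate(), it
 * never writes past out_cap and reports how many bytes it actually produced. */
static size_t toy_inflate(const uint8_t *in, size_t in_len,
                          uint8_t *out, size_t out_cap)
{
    size_t produced = 0;
    for (size_t i = 0; i + 1 < in_len; i += 2)
        for (uint8_t k = 0; k < in[i] && produced < out_cap; k++)
            out[produced++] = in[i + 1];
    return produced;
}

/* Vulnerable pattern: allocate the response buffer from the client-declared
 * size, decompress into it, and hand back the whole buffer. If the payload
 * expands to fewer bytes than declared, the tail is never written and the
 * stale heap contents are sent to the client as if they were data. */
static size_t decompress_vulnerable(const compressed_msg *m, uint8_t **out)
{
    uint8_t *buf = malloc(m->declared_len);          /* malloc does not zero */
    if (buf == NULL) { *out = NULL; return 0; }
    (void)toy_inflate(m->body, m->body_len, buf, m->declared_len);
    *out = buf;
    return m->declared_len;                          /* trusts the header */
}

/* Hardened pattern: the decoder's actual output length is authoritative.
 * Any mismatch with the declared length rejects the message instead of
 * exposing the unfilled part of the buffer. */
static size_t decompress_checked(const compressed_msg *m, uint8_t **out)
{
    *out = NULL;
    uint8_t *buf = malloc(m->declared_len);
    if (buf == NULL) return 0;
    size_t got = toy_inflate(m->body, m->body_len, buf, m->declared_len);
    if (got != m->declared_len) {                    /* short output: reject */
        free(buf);
        return 0;
    }
    *out = buf;
    return got;
}

/* Size of the leak window for a message under a given handler: bytes the
 * handler returns beyond what the decoder actually produced (0 = no leak). */
static size_t leaked_bytes(size_t (*handler)(const compressed_msg *, uint8_t **),
                           const compressed_msg *m)
{
    uint8_t scratch[256];
    size_t real = toy_inflate(m->body, m->body_len, scratch, sizeof scratch);
    uint8_t *out = NULL;
    size_t returned = handler(m, &out);
    free(out);
    return returned > real ? returned - real : 0;
}

int main(void)
{
    /* Constructed "crafted request": declares 64 bytes but expands to 4. */
    const uint8_t crafted_body[] = { 4, 'A' };
    compressed_msg crafted = { 64, crafted_body, sizeof crafted_body };

    /* Plant recognisable data in a freed chunk of the same size; common
     * allocators often hand that chunk back to the next malloc(64). What
     * actually comes back is allocator-dependent, exactly as in a real leak. */
    const char secret[] = "password=hunter2 sessionToken=abc123";
    char *stale = malloc(64);
    if (stale) { memcpy(stale, secret, sizeof secret); free(stale); }

    uint8_t *resp = NULL;
    size_t n = decompress_vulnerable(&crafted, &resp);
    printf("vulnerable handler returned %zu bytes, decoder wrote 4; tail: ", n);
    for (size_t i = 4; i < n; i++)
        putchar((resp[i] >= 32 && resp[i] < 127) ? resp[i] : '.');
    putchar('\n');
    free(resp);

    n = decompress_checked(&crafted, &resp);
    printf("checked handler returned %zu bytes (0 = request rejected)\n", n);
    free(resp);
    return 0;
}
```

The fix is the single comparison in `decompress_checked`: the number of bytes the decoder reports is the only trustworthy length, and a header that promises more than the body delivers is a malformed request, not a reason to send the remainder of the buffer. Zeroing the buffer before decompression would hide the stale data but still let a client probe the server with oversized declared lengths, so rejecting the mismatch is the stronger check.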
The leaked memory may contain sensitive information from recent queries or cached data. The bug is particularly serious because it requires no valid login credentials: network access to the database port is sufficient to carry out the attack, so any deployment whose database port is reachable from an untrusted network is exposed regardless of how authentication is configured. Specific analysis of the market's reaction to this security disclosure was not available at the time of the reports.