Skip to content

CVE-2025-14847

is CVE-2025-14847real, exploitable, or a false positive? Here's the community ground truth.

☆ Watch
High · CVSS 7.5EPSS 83.0%CISA KEVCWE-130
Affected:Mongodb

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.

References

NVD MITRE CVE.org CISA KEV

Published

Embed this verdict
TruePositive verdict for CVE-2025-14847
Markdown
[![TruePositive verdict](https://www.truepositive.app/cve/CVE-2025-14847/badge.svg)](https://www.truepositive.app/cve/CVE-2025-14847)
HTML
<a href="https://www.truepositive.app/cve/CVE-2025-14847"><img src="https://www.truepositive.app/cve/CVE-2025-14847/badge.svg" alt="TruePositive verdict for CVE-2025-14847"></a>

Live badge — updates automatically as the community verdict changes.

Community ground truth

Community verdict

2 verdicts
Not a real issue

to add your verdict.

Community real-world severity: High (High 2) — CVSS base score 7.5

In line with its CVSS base score.

Field notes & remediation

Verdicts are the quick signal — notes are the evidence and fixes behind them.

No notes yet — be the first to share what you saw or a fix that worked.