Main Vulnerability Database Exploits ID:12262 - Exploit for Improper Handling of Length Parameter Inconsistency in MongoDB - CVE-2025-14847

ID:12262 - Exploit for Improper Handling of Length Parameter Inconsistency in MongoDB - CVE-2025-14847

Published: January 9, 2026

Vulnerability identifier: #VU120254

Vulnerability risk: High

CVE-ID: CVE-2025-14847

CWE-ID: CWE-130

Exploitation vector: Remote access

Vulnerable software:
MongoDB

Link to public exploit:

https://github.com/FurkanKAYAPINAR/CVE-2025-14847-MongoBleed-Exploit

Vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to mismatched length fields in Zlib compressed protocol headers. A remote non-authenticated client can read parts of uninitialized heap memory and gain access to sensitive information.

Remediation

Install updates from vendor's website.

ID:12262 - Exploit for Improper Handling of Length Parameter Inconsistency in MongoDB - CVE-2025-14847

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human