New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory
Dec 27, 2025Ravie LakshmananDatabase Security / Vulnerability A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory. The vulnerability, tracked as CVE-2025-14847 (CVSS score: 8.7), has been described as a case of improper handling of length parameter inconsistency, which arises when a program fails to appropriately…
