An unauthenticated remote attacker can leak sensitive information from a MongoDB server through a flaw in the server's zlib message decompression handling, tracked as CVE-2025-14847. The bug needs no user interaction and is reachable before authentication, so any client that can open a connection to the server can trigger it.
Users are advised to update to the fixed MongoDB releases: 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, or 4.4.30, depending on the release branch in use.
The article also reports that the MongoDB Atlas package and the Ubuntu rsync package, both of which use zlib, are affected. Although no details of in-the-wild attacks are currently known, security researchers say the flaw could let an attacker retrieve user data, passwords, and API keys from MongoDB server memory. According to security firm Wiz, 42% of cloud environments running at least one MongoDB instance had a version susceptible to CVE-2025-14847, with the largest numbers of vulnerable instances in the United States, China, Germany, India, and France.
Where updating is not immediately possible, zlib compression can be disabled on MongoDB Server by starting mongod or mongos with a --networkMessageCompressors command-line option, or a net.compression.compressors setting in the configuration file, that explicitly leaves zlib out of the list (or is set to "disabled" to turn off wire compression entirely). Note that compression is negotiated by the client during the pre-authentication handshake, so the server-side list is what matters. Additional mitigations are to limit the network exposure of MongoDB servers and to watch MongoDB logs for unusual pre-authentication connections.
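The following script, added here as an illustration and not part of the original article or of MongoDB's own tooling, turns the two checks above (the fixed-version list and the zlib compressor setting) into a triage routine an operator could run against version strings and mongod.conf files collected from a fleet. It assumes MongoDB's documented default of "snappy,zstd,zlib" when net.compression.compressors is absent, which is the edge case worth catching: a config that says nothing about compression still offers zlib. The sample configuration texts are constructed for this example.

```python
import re

# Fixed releases per branch, as listed in the advisory summary above.
FIXED_VERSIONS = {
    (8, 2): (8, 2, 3),
    (8, 0): (8, 0, 17),
    (7, 0): (7, 0, 28),
    (6, 0): (6, 0, 27),
    (5, 0): (5, 0, 32),
    (4, 4): (4, 4, 30),
}

# Assumption (verify against the docs for your release): with no
# net.compression.compressors set, mongod defaults to "snappy,zstd,zlib".
DEFAULT_COMPRESSORS = "snappy,zstd,zlib"

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """'7.0.27', 'db version v7.0.27' or 'v7.0.27-rc0' -> (7, 0, 27)."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())


def is_patched(version_text):
    """True/False for branches in the advisory; None for an unknown branch
    (e.g. an EOL 4.2 server), which should be treated as unpatched."""
    v = parse_version(version_text)
    fixed = FIXED_VERSIONS.get(v[:2])
    return None if fixed is None else v >= fixed


def compressors_from_conf(conf_text):
    """Return net.compression.compressors from a mongod.conf, or None if unset.
    A minimal indentation walk so this runs without PyYAML; it handles the
    nested scalar this check needs, not YAML in general."""
    path = []  # stack of (indent, key)
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while path and path[-1][0] >= indent:
            path.pop()
        path.append((indent, key.strip()))
        if [k for _, k in path] == ["net", "compression", "compressors"]:
            return value.strip().strip("'\"") or None
    return None


def compressors_from_argv(argv):
    """--networkMessageCompressors on the command line overrides the config file."""
    for i, arg in enumerate(argv):
        if arg.startswith("--networkMessageCompressors="):
            return arg.split("=", 1)[1]
        if arg == "--networkMessageCompressors" and i + 1 < len(argv):
            return argv[i + 1]
    return None


def zlib_enabled(setting):
    """'disabled' turns wire compression off; otherwise zlib counts if listed."""
    items = [s.strip().lower() for s in (setting or DEFAULT_COMPRESSORS).split(",")]
    return items != ["disabled"] and "zlib" in items


def assess(version_text, conf_text="", argv=()):
    """Exposed to CVE-2025-14847 = not known to be patched AND zlib still offered."""
    setting = compressors_from_argv(argv)
    if setting is None:
        setting = compressors_from_conf(conf_text)
    patched = is_patched(version_text)
    zlib = zlib_enabled(setting)
    return {"patched": patched, "zlib": zlib, "exposed": patched is not True and zlib}


# Constructed sample configs for this example (not from any real server).
VULNERABLE_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
# no net.compression stanza: zlib stays on by default
"""

MITIGATED_CONF = """\
net:
  port: 27017
  bindIp: 127.0.0.1
  compression:
    compressors: snappy,zstd   # zlib deliberately left out
"""

if __name__ == "__main__":
    print(assess("db version v7.0.27", VULNERABLE_CONF))
    print(assess("db version v7.0.27", MITIGATED_CONF))
    print(assess("8.0.17", VULNERABLE_CONF))
```

The version check alone is not enough for a fleet audit, and the compressor check alone is not enough either: a patched server that still offers zlib is fine, an unpatched one with zlib removed is mitigated but not fixed, and an unpatched server whose config is silent about compression is the one that is easy to miss.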