MongoDB Information Disclosure Vulnerability

Release Date: 23 Dec 2025

RISK: Medium Risk

TYPE: Servers - Database Servers

A vulnerability was identified in MongoDB. A remote attacker could exploit this vulnerability to trigger sensitive information disclosure on the targeted system.

---

Impact

• Information Disclosure

---

System / Technologies affected

• All MongoDB Server v3.6 versions
• All MongoDB Server v4.0 versions
• All MongoDB Server v4.2 versions
• MongoDB versions 4.4.0 through 4.4.29
• MongoDB versions 5.0.0 through 5.0.31
• MongoDB versions 6.0.0 through 6.0.26
• MongoDB versions 7.0.0 through 7.0.26
• MongoDB versions 8.0.0 through 8.0.16
• MongoDB versions 8.2.0 through 8.2.3

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

• https://jira.mongodb.org/browse/SERVER-115508

---

Vulnerability Identifier

• CVE-2025-14847

---

Source

• MongoDB

---

Related Link

• https://jira.mongodb.org/browse/SERVER-115508