• About Us
  • Privacy Policy
  • Disclaimer
  • Contact Us
AimactGrow
  • Home
  • Technology
  • AI
  • SEO
  • Coding
  • Gaming
  • Cybersecurity
  • Digital marketing
No Result
View All Result
  • Home
  • Technology
  • AI
  • SEO
  • Coding
  • Gaming
  • Cybersecurity
  • Digital marketing
No Result
View All Result
AimactGrow
No Result
View All Result

New MongoDB Flaw Lets Unauthenticated Attackers Learn Uninitialized Reminiscence

Admin by Admin
December 29, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Dec 27, 2025Ravie LakshmananDatabase Safety / Vulnerability

MongoDB Flaw

A high-severity safety flaw has been disclosed in MongoDB that would permit unauthenticated customers to learn uninitialized heap reminiscence.

The vulnerability, tracked as CVE-2025-14847 (CVSS rating: 8.7), has been described as a case of improper dealing with of size parameter inconsistency, which arises when a program fails to appropriately deal with eventualities the place a size subject is inconsistent with the precise size of the related knowledge.

“Mismatched size fields in Zlib compressed protocol headers could permit a learn of uninitialized heap reminiscence by an unauthenticated shopper,” in response to a description of the flaw in CVE.org.

Cybersecurity

The flaw impacts the next variations of the database –

  • MongoDB 8.2.0 by means of 8.2.3
  • MongoDB 8.0.0 by means of 8.0.16
  • MongoDB 7.0.0 by means of 7.0.26
  • MongoDB 6.0.0 by means of 6.0.26
  • MongoDB 5.0.0 by means of 5.0.31
  • MongoDB 4.4.0 by means of 4.4.29
  • All MongoDB Server v4.2 variations
  • All MongoDB Server v4.0 variations
  • All MongoDB Server v3.6 variations

The difficulty has been addressed in MongoDB variations 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, and 4.4.30.

“An client-side exploit of the Server’s zlib implementation can return uninitialized heap reminiscence with out authenticating to the server,” MongoDB mentioned. “We strongly suggest upgrading to a hard and fast model as quickly as potential.”

Cybersecurity

If rapid replace isn’t an possibility, it is advisable to disable zlib compression on the MongoDB Server by beginning mongod or mongos with a networkMessageCompressors or a internet.compression.compressors possibility that explicitly omits zlib. The opposite compressor choices supported by MongoDB are snappy and zstd.

“CVE-2025-14847 permits a distant, unauthenticated attacker to set off a situation by which the MongoDB server could return uninitialized reminiscence from its heap,” OP Innovate mentioned. “This might outcome within the disclosure of delicate in-memory knowledge, together with inside state data, pointers, or different knowledge which will help an attacker in additional exploitation.”

Tags: AttackersFlawLetsmemoryMongoDBReadUnauthenticatedUninitialized
Admin

Admin

Next Post
No extra teasing, Arknights: Endfield lastly has a January launch date

No extra teasing, Arknights: Endfield lastly has a January launch date

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended.

5 Scripts for Content material Advertising and marketing Requests

5 Scripts for Content material Advertising and marketing Requests

March 26, 2025
What Swap 2 Leaks Inform Us About The Upcoming Longest Nintendo Direct Ever

What Swap 2 Leaks Inform Us About The Upcoming Longest Nintendo Direct Ever

September 11, 2025

Trending.

Nsfw Chatgpt Options – Examples I’ve Used

Nsfw Chatgpt Options – Examples I’ve Used

October 13, 2025
ModeloRAT and Mistic Backdoor Exercise Linked to Ransomware Preliminary Entry Dealer

ModeloRAT and Mistic Backdoor Exercise Linked to Ransomware Preliminary Entry Dealer

June 24, 2026
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Acquire Root Entry

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Acquire Root Entry

June 25, 2026
Web Information Caps Defined: The right way to Keep away from Overages and Discover Limitless Plans

Web Information Caps Defined: The right way to Keep away from Overages and Discover Limitless Plans

September 23, 2025
Hijacked npm and Go Packages Use VS Code Duties to Deploy Python Infostealer

Hijacked npm and Go Packages Use VS Code Duties to Deploy Python Infostealer

June 29, 2026

AimactGrow

Welcome to AimactGrow, your ultimate source for all things technology! Our mission is to provide insightful, up-to-date content on the latest advancements in technology, coding, gaming, digital marketing, SEO, cybersecurity, and artificial intelligence (AI).

Categories

  • AI
  • Coding
  • Cybersecurity
  • Digital marketing
  • Gaming
  • SEO
  • Technology

Recent News

Warframe’s Banshee is getting a rework

Warframe’s Banshee is getting a rework

July 12, 2026
Ghost Accounts Abuse GitHub API in Mass Recon Marketing campaign

Ghost Accounts Abuse GitHub API in Mass Recon Marketing campaign

July 12, 2026
  • About Us
  • Privacy Policy
  • Disclaimer
  • Contact Us

© 2025 https://blog.aimactgrow.com/ - All Rights Reserved

No Result
View All Result
  • Home
  • Technology
  • AI
  • SEO
  • Coding
  • Gaming
  • Cybersecurity
  • Digital marketing

© 2025 https://blog.aimactgrow.com/ - All Rights Reserved