Security Advisory: CVE-2025-14847 (MongoBleed)
Security updates detail rendered from /security-updates/upd_03c88b5d4096a3bf.
Overview
| ID | upd_03c88b5d4096a3bf |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | Scaleway |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_03c88b5d4096a3bf |
| providerId | safebase |
| organizationId | org_9c40dfe3f8d30eb8 |
| trustCenterId | tc_97ceaa0bb95c8ff7 |
| title | Security Advisory: CVE-2025-14847 (MongoBleed) |
| message | # Security Advisory: CVE-2025-14847 (MongoBleed) ## 1. Definition **CVE-2025-14847** is a critical information disclosure vulnerability in the **MongoDB Server** network transport layer. It is a heap-based memory leak flaw that allows a remote, unauthenticated attacker to read fragments of the server's uninitialized memory. ## 2. How It Works The vulnerability originates within the server's network transport layer, specifically during the handling of zlib-compressed messages. When a client initiates a connection, it can request that communication be compressed to save bandwidth. The flaw occurs because the MongoDB server's decompression routine fails to strictly validate the relationship between the size of the incoming compressed packet and the size of the memory buffer allocated to hold the resulting data. An attacker exploits this by sending a specially crafted, malformed zlib packet that claims to be smaller than the space the server allocates for it. Because the server does n |
| url | - |
| publishedAt | 2025-12-29 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "vulnerabilities"
} |
| company | {
"id": "org_9c40dfe3f8d30eb8",
"name": "Scaleway",
"domains": [
"security.scaleway.com",
"scaleway.com"
]
} |
| trust_center | {
"id": "tc_97ceaa0bb95c8ff7",
"name": "Scaleway",
"url": "https://security.scaleway.com",
"host": "security.scaleway.com"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_03c88b5d4096a3bf",
"company": "/v1/companies/org_9c40dfe3f8d30eb8",
"trust_center": "/v1/trust-centers/tc_97ceaa0bb95c8ff7",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_03c88b5d4096a3bf