Home / Security updates / MongoBleed (CVE-2025-14847
MongoBleed (CVE-2025-14847
Security updates detail rendered from /security-updates/upd_39da5a047428f727.
Overview
| ID | upd_39da5a047428f727 |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | Broadridge |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_39da5a047428f727 |
| providerId | safebase |
| organizationId | org_d6453fb8c77f0b6a |
| trustCenterId | tc_c6ca607ff40394b4 |
| title | MongoBleed (CVE-2025-14847 |
| message | Threat Response January 15, 2026 BROADRIDGE RESPONSE STATEMENT On December 29th, 2025, Broadridge was notified about a recent announcement by the Cybersecurity and Infrastructure Security Agency (CISA) regarding MongoDB servers (CVE-2025-14847) which have been actively exploited in the wild. CVE-2025-14847, also known as “MongoBleed”, stems from improper handling of length fields in zlib-compressed network protocol messages, allowing unauthenticated remote attackers to coerce MongoDB into returning uninitialized heap memory to the client. Affected versions of the MongoBleed (CVE-2025-14847) include: • MongoDB Server v7.0 prior to 7.0.28 versions • MongoDB Server v8.0 versions prior to 8.0.17 • MongoDB Server v8.2 versions prior to 8.2.3 • MongoDB Server v6.0 versions prior to 6.0.27 • MongoDB Server v5.0 versions prior to 5.0.32 • MongoDB Server v4.4 versions prior to 4.4.30 • MongoDB Server v4.2 versions greater than or equal to 4.2.0 • MongoDB Server v4.0 versions greater than or |
| url | - |
| publishedAt | 2026-01-15 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "vulnerabilities"
} |
| company | {
"id": "org_d6453fb8c77f0b6a",
"name": "Broadridge",
"domains": [
"trust.broadridge.com",
"broadridge.com"
]
} |
| trust_center | {
"id": "tc_c6ca607ff40394b4",
"name": "Broadridge",
"url": "https://trust.broadridge.com",
"host": "trust.broadridge.com"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_39da5a047428f727",
"company": "/v1/companies/org_d6453fb8c77f0b6a",
"trust_center": "/v1/trust-centers/tc_c6ca607ff40394b4",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_39da5a047428f727JSON