Statement on CVE 2025-14847 MongoDB Vulnerability

December 19, 2025

Information

The MongoDB Vulnerability may allow uninitialized memory read by an unauthenticated client due to mismatched length parameters in Zlib protocol headers.

For additional information, please refer to NIST | CVE-2025-14847.

Risk

Not Applicable

Response

Melissa Data Corporation (“Melissa”) was not impacted by the MongoDB vulnerability. Melissa has performed a thorough investigation of both in-house built APIs, web interfaces, and vendor supplied solutions. Melissa has taken the necessary steps to update any affected versions to fixed versions and confirm no impact because instances are restricted to private subnets with strictly defined security groups, ensuring they are not reachable from the public internet, which completely mitigated the exploitability of unauthenticated memory leaks. Melissa will continue to follow all guidance provided for this vulnerability as necessary to prevent any future risks.