On December 19, 2025, MongoDB disclosed information regarding a vulnerability (CVE-2025-14847) in MongoDB involving information disclosure from uninitialized heap memory. If exploited, an unauthenticated remote third party could send specially crafted communications to read information remaining in uninitialized heap memory, potentially leading to the leakage of confidential information (such as API keys and credentials) stored within MongoDB.