[Vulnerability Advisory] MongoDB zlib Compression Memory Disclosure Vulnerability (CVE-2025-14847)

Published: 2025-12-29

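I. Vulnerability Overview

Vulnerability name: MongoDB zlib compression memory disclosure vulnerability
CVE ID: CVE-2025-14847
Vulnerability type: Information disclosure
Discovered: 2025-12-29
Vulnerability score: 8.7
Severity: High
Attack vector: Network
Privileges required: None
Exploitation difficulty: Low
User interaction: Not required
PoC/EXP: Public
Exploitation in the wild: Not observed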


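MongoDB is an open-source NoSQL database management system that uses document-oriented storage and stores data in BSON (a JSON-like format). It offers high scalability, flexible schema design and strong performance, and is particularly suited to large-scale data and dynamically changing application scenarios. MongoDB supports horizontal scaling, distributing data through sharding, and is used in areas such as big-data analytics and real-time data processing. Its flexible data structures let it efficiently handle complex queries and diverse application requirements.


On December 29, 2025, mansion88 Mingsheng Group VSRC detected a high-severity vulnerability in MongoDB Server. It stems from improper handling of the zlib compression protocol header, and an attacker can exploit it to trigger a remote memory disclosure without authentication. The vulnerability affects multiple MongoDB versions: by sending specially crafted compressed packets, an attacker can cause the server to return uninitialized heap memory while parsing them. These uninitialized memory regions may contain sensitive information such as database credentials and user data. The vulnerability is scored 8.7 and rated high severity.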


II. Affected Versions


8.2.0 <= MongoDB Server <= 8.2.2
8.0.0 <= MongoDB Server <= 8.0.16
7.0.0 <= MongoDB Server <= 7.0.27
6.0.0 <= MongoDB Server <= 6.0.26
5.0.0 <= MongoDB Server <= 5.0.31
4.4.0 <= MongoDB Server <= 4.4.29
MongoDB Server 4.2.x, all versions
MongoDB Server 4.0.x, all versions
MongoDB Server 3.6.x, all versions


III. Security Measures


3.1 Upgrade


The vendor has released patched versions that fix this vulnerability.
MongoDB Server 8.2.x >= 8.2.3
MongoDB Server 8.0.x >= 8.0.17
MongoDB Server 7.0.x >= 7.0.28
MongoDB Server 6.0.x >= 6.0.27
MongoDB Server 5.0.x >= 5.0.32
MongoDB Server 4.4.x >= 4.4.30


Download link: https://github.com/mongodb/mongo/tags/
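
A fleet triage check built from the affected and fixed version lists above, as an added example (not code from MongoDB or from the advisory's author). The inventory format ("host version" per line), the hostnames and the status labels are assumptions; version strings that are not plain X.Y.Z are flagged for manual review rather than guessed at.

```python
import re

# Branch -> first fixed release, copied from the advisory's version lists.
# None: every release of the branch is listed as affected, no fix is named.
FIRST_FIXED = {
    (8, 2): (8, 2, 3), (8, 0): (8, 0, 17), (7, 0): (7, 0, 28),
    (6, 0): (6, 0, 27), (5, 0): (5, 0, 32), (4, 4): (4, 4, 30),
    (4, 2): None, (4, 0): None, (3, 6): None,
}
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")

def classify(version):
    """Return (status, first_fixed_or_None) for a mongod version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return ("unparsed", None)  # e.g. rc or custom builds: review by hand
    v = tuple(int(x) for x in m.groups())
    branch = v[:2]
    if branch not in FIRST_FIXED:
        return ("not-listed", None)  # branch not mentioned in the advisory
    fixed = FIRST_FIXED[branch]
    if fixed is None:
        return ("affected-no-fix", None)
    fixed_str = ".".join(map(str, fixed))
    return ("affected" if v < fixed else "fixed", fixed_str)

def triage(inventory_text):
    """Map each 'host version' line to its classification."""
    report = {}
    for line in inventory_text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            report[parts[0]] = classify(parts[1])
    return report

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """\
db-01 8.0.16
db-02 8.0.17
db-03 4.2.24
db-04 7.0.28-rc0
db-05 6.1.1
"""

if __name__ == "__main__":
    for host, (status, fixed) in triage(SAMPLE).items():
        print(host, status, fixed or "-")
```

Hosts reported as `affected-no-fix` are on branches for which the advisory names no fixed release, so they need a move to a branch that has one.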


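3.2 Temporary Measures


None at present.


3.3 General Recommendations


- Apply system patches regularly to reduce system vulnerabilities and improve server security.
- Strengthen access control for systems and networks: adjust firewall policies, close unnecessary application ports or services, and reduce the exposure of risky services (such as SSH and RDP) to the public internet to shrink the attack surface.
- Use enterprise-grade security products to improve the organization's network security posture.
- Strengthen management of system users and permissions: enable multi-factor authentication and apply the principle of least privilege, keeping user and software permissions to the minimum required.
- Enable a strong password policy and require passwords to be changed periodically.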


3.4 References


https://jira.mongodb.org/browse/SERVER-115508/
https://nvd.nist.gov/vuln/detail/CVE-2025-14847