All articles tagged with #cve 2025 14847
A critical vulnerability in MongoDB, CVE-2025-14847, allows unauthenticated attackers to remotely leak sensitive data by exploiting a flaw in zlib compression, with over 87,000 instances potentially affected worldwide. Users are advised to update their MongoDB versions and implement mitigations such as disabling zlib compression and restricting server exposure.
A critical security flaw called MongoBleed (CVE-2025-14847) in MongoDB servers is actively exploited in the wild, allowing attackers to leak sensitive data through malformed network packets before authentication, affecting many versions and exposing approximately 87,000 vulnerable instances worldwide. Immediate patching and monitoring are recommended.
A critical vulnerability named MongoBleed (CVE-2025-14847) affects over 87,000 MongoDB instances by allowing unauthenticated remote attackers to extract sensitive data through uninitialized memory disclosure in zlib decompression. The flaw impacts multiple versions, with patches available, and a PoC exploit has been released, increasing the risk of active exploitation. Administrators are urged to update their systems or apply temporary mitigations such as disabling zlib compression and restricting network access.
A PoC exploit called 'mongobleed' has been released for a critical MongoDB vulnerability (CVE-2025-14847) that allows attackers to remotely extract sensitive uninitialized memory data through a flaw in zlib decompression handling, prompting urgent patching and security measures.
A critical security vulnerability in MongoDB (CVE-2025-14847) allows unauthenticated attackers to read uninitialized heap memory, potentially exposing sensitive data. The flaw affects multiple versions and has been patched in newer releases; users are advised to upgrade or disable zlib compression to mitigate risks.
MongoDB has issued an urgent warning to patch a severe remote code execution vulnerability (CVE-2025-14847) affecting multiple versions of its database software. The flaw, due to improper handling of length parameters, allows unauthenticated attackers to execute arbitrary code. Admins are advised to upgrade to patched versions immediately or disable zlib compression to mitigate the risk. The vulnerability has been actively exploited in the past, emphasizing the need for prompt action.