All articles tagged with #cve 2025 14847
Originally Published 14 days ago — by The Hacker News
A critical vulnerability in MongoDB, CVE-2025-14847, allows unauthenticated attackers to remotely leak sensitive data by exploiting a flaw in zlib compression, with over 87,000 instances potentially affected worldwide. Users are advised to update their MongoDB versions and implement mitigations such as disabling zlib compression and restricting server exposure.
Originally Published 14 days ago — by CybersecurityNews
A critical security flaw called MongoBleed (CVE-2025-14847) in MongoDB servers is actively exploited in the wild, allowing attackers to leak sensitive data through malformed network packets before authentication, affecting many versions and exposing approximately 87,000 vulnerable instances worldwide. Immediate patching and monitoring are recommended.
Originally Published 15 days ago — by CybersecurityNews
A critical vulnerability named MongoBleed (CVE-2025-14847) affects over 87,000 MongoDB instances by allowing unauthenticated remote attackers to extract sensitive data through uninitialized memory disclosure in zlib decompression. The flaw impacts multiple versions, with patches available, and a PoC exploit has been released, increasing the risk of active exploitation. Administrators are urged to update their systems or apply temporary mitigations such as disabling zlib compression and restricting network access.
Originally Published 16 days ago — by CybersecurityNews
A PoC exploit called 'mongobleed' has been released for a critical MongoDB vulnerability (CVE-2025-14847) that allows attackers to remotely extract sensitive uninitialized memory data through a flaw in zlib decompression handling, prompting urgent patching and security measures.
Originally Published 16 days ago — by The Hacker News
A critical security vulnerability in MongoDB (CVE-2025-14847) allows unauthenticated attackers to read uninitialized heap memory, potentially exposing sensitive data. The flaw affects multiple versions and has been patched in newer releases; users are advised to upgrade or disable zlib compression to mitigate risks.
Originally Published 18 days ago — by BleepingComputer
MongoDB has issued an urgent warning to patch a severe remote code execution vulnerability (CVE-2025-14847) affecting multiple versions of its database software. The flaw, due to improper handling of length parameters, allows unauthenticated attackers to execute arbitrary code. Admins are advised to upgrade to patched versions immediately or disable zlib compression to mitigate the risk. The vulnerability has been actively exploited in the past, emphasizing the need for prompt action.