All articles tagged with #mongobleed
A critical security flaw called MongoBleed (CVE-2025-14847) in MongoDB servers is actively exploited in the wild, allowing attackers to leak sensitive data through malformed network packets before authentication, affecting many versions and exposing approximately 87,000 vulnerable instances worldwide. Immediate patching and monitoring are recommended.
A critical vulnerability named MongoBleed (CVE-2025-14847) affects over 87,000 MongoDB instances by allowing unauthenticated remote attackers to extract sensitive data through uninitialized memory disclosure in zlib decompression. The flaw impacts multiple versions, with patches available, and a PoC exploit has been released, increasing the risk of active exploitation. Administrators are urged to update their systems or apply temporary mitigations such as disabling zlib compression and restricting network access.