
CVE-2025-14847 (MongoBleed): MongoDB Memory Leak Vulnerability Exploited in the Wild

Published:

29 December 2025 at 11:09:05

Alert date:

29 December 2025 at 17:02:45

Source:

tenable.com

CVE-2025-14847, dubbed MongoBleed, is a memory leak vulnerability affecting MongoDB instances with zlib compression enabled. The flaw allows unauthenticated attackers to leak uninitialized memory containing sensitive data like credentials, session tokens, and API keys. Over 87,000 potentially vulnerable MongoDB instances have been identified globally. The vulnerability is actively exploited in the wild with public proof-of-concept code available on GitHub. MongoDB has released patches for all affected versions from 3.6 through 8.2. Immediate patching is strongly recommended due to active exploitation and widespread exposure of vulnerable instances.

Technical details

Affected products:

MongoDB

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
