Executive Summary
On Dec. 19, 2025, MongoDB publicly disclosed MongoBleed, a security vulnerability (CVE-2025-14847) that allows unauthenticated attackers to leak sensitive heap memory by exploiting a trust issue in how MongoDB Server handles zlib-compressed network messages. This flaw occurs prior to authentication, meaning an attacker only needs network access to the database’s default port to trigger it.
Key details of the threat are summarized below:
- Vulnerability: CVE-2025-14847 is a critical, unauthenticated memory disclosure vulnerability in MongoDB Server’s handling of zlib-compressed messages (CVSS 8.7).
- Impact: The leaked heap memory can contain sensitive data such as cleartext credentials, API keys, session tokens and personally identifiable information (PII).
- Status: Confirmed active exploitation in the wild.
Article Summaries:
- MongoDB Vulnerability (CVE-2025-14847) - Summary
On 19 Dec 2025, MongoDB disclosed “MongoBleed,” a critical memory-disclosure flaw (CVSS 8.7) that allows unauthenticated attackers to leak heap data via zlib-compressed network messages before authentication. The flaw stems from an unchecked uncompressedSize field in the OP_COMPRESSED header, which causes the server to allocate oversized buffers and return error responses that expose sensitive data such as credentials, API keys, session tokens, and PII. Active exploitation has been confirmed, with a public PoC available. CISA added the flaw to its Known Exploited Vulnerabilities catalog on 29 Dec 2025. MongoDB Atlas customers receive automatic patches; self-hosted instances must be manually updated. Detection and mitigation can be aided by next-generation firewalls, Cortex XDR/XSIAM, Cortex Cloud, and Cortex Xpanse.
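Both summaries above come down to one parsing rule that was missing: the size a client declares in the OP_COMPRESSED header must never be trusted to size a response buffer. The following is an added example, written for this page and not code from MongoDB or from the advisory, showing what a hardened decoder of that message type looks like: it sizes its output by what zlib actually produces, bounds the declared size before touching it, and rejects any message whose declared and actual sizes disagree, so uninitialised memory can never reach the reply path. The wire layout (16-byte MsgHeader; then originalOpcode int32, uncompressedSize int32, compressorId uint8; opcode 2012 for OP_COMPRESSED and compressor id 2 for zlib) is taken from MongoDB's public wire-protocol documentation, the 48 MiB ceiling is an assumed bound, and all function names plus the sample messages are constructed here for illustration.

```python
import struct
import zlib

# Wire-format constants from the public MongoDB wire-protocol docs (not from the
# advisory above). MAX_MESSAGE_BYTES is an assumed sanity ceiling for this example.
OP_COMPRESSED = 2012
OP_MSG = 2013
COMPRESSOR_ZLIB = 2
MSG_HEADER_LEN = 16      # messageLength, requestID, responseTo, opCode (int32 each)
COMPRESSED_HDR_LEN = 9   # originalOpcode int32, uncompressedSize int32, compressorId uint8
MAX_MESSAGE_BYTES = 48 * 1024 * 1024


class CompressedMessageError(ValueError):
    """Raised when an OP_COMPRESSED message fails validation and must be dropped."""


def parse_op_compressed(raw: bytes) -> dict:
    """Parse the fixed headers of an OP_COMPRESSED message without decompressing it."""
    if len(raw) < MSG_HEADER_LEN + COMPRESSED_HDR_LEN:
        raise CompressedMessageError("truncated header")
    msg_len, request_id, _response_to, op_code = struct.unpack_from("<iiii", raw, 0)
    if op_code != OP_COMPRESSED:
        raise CompressedMessageError(f"not OP_COMPRESSED (opCode={op_code})")
    if msg_len != len(raw):
        raise CompressedMessageError("messageLength does not match bytes received")
    original_op, declared_size, compressor_id = struct.unpack_from("<iiB", raw, MSG_HEADER_LEN)
    return {
        "request_id": request_id,
        "original_opcode": original_op,
        "declared_size": declared_size,
        "compressor_id": compressor_id,
        "payload": raw[MSG_HEADER_LEN + COMPRESSED_HDR_LEN:],
    }


def decompress_checked(msg: dict) -> bytes:
    """Hardened inflate: the output buffer is whatever zlib really yields, never a
    pre-allocation of the client-declared uncompressedSize, and any disagreement
    between the declared and actual sizes is a protocol violation."""
    declared = msg["declared_size"]
    if msg["compressor_id"] != COMPRESSOR_ZLIB:
        raise CompressedMessageError("unsupported compressorId")
    if declared < 0 or declared > MAX_MESSAGE_BYTES:
        raise CompressedMessageError(f"uncompressedSize {declared} outside sane bounds")
    inflater = zlib.decompressobj()
    # Cap production at declared+1 bytes: one byte of slack lets us detect an
    # understated declaration without ever inflating an unbounded stream.
    out = inflater.decompress(msg["payload"], declared + 1)
    if inflater.unconsumed_tail or not inflater.eof:
        raise CompressedMessageError("compressed stream incomplete or larger than declared")
    if len(out) != declared:
        raise CompressedMessageError(
            f"uncompressedSize {declared} != actual {len(out)} bytes; rejecting message")
    return out


def check_message(raw: bytes) -> str:
    """Triage helper for a captured message: 'ok' or a 'reject: ...' reason string."""
    try:
        decompress_checked(parse_op_compressed(raw))
        return "ok"
    except CompressedMessageError as exc:
        return f"reject: {exc}"


def build_op_compressed(original_opcode: int, body: bytes, declared_size=None,
                        request_id: int = 1) -> bytes:
    """Build an OP_COMPRESSED message as constructed test data for the validator.
    declared_size defaults to the true body length; a different value makes an
    inconsistent sample that a correct decoder must refuse."""
    compressed = zlib.compress(body)
    declared = len(body) if declared_size is None else declared_size
    hdr = struct.pack("<iiB", original_opcode, declared, COMPRESSOR_ZLIB)
    total = MSG_HEADER_LEN + len(hdr) + len(compressed)
    return struct.pack("<iiii", total, request_id, 0, OP_COMPRESSED) + hdr + compressed


if __name__ == "__main__":
    body = b'{"ping": 1}' * 4
    print(check_message(build_op_compressed(OP_MSG, body)))                      # ok
    print(check_message(build_op_compressed(OP_MSG, body, declared_size=4096)))  # reject
    print(check_message(build_op_compressed(OP_MSG, body, declared_size=3)))     # reject
```

The two rejection paths matter equally from a defender's point of view: an overstated size is the shape the advisory describes, while an understated size is the complementary check a decoder needs so that a stream is never silently truncated. The same size-consistency test can be applied by a network sensor to captured OP_COMPRESSED traffic on the database port, since mismatched declarations are not something a legitimate driver emits.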
Sources: