- MongoBleed (CVE-2025-14847) leaks sensitive data via uninitialized heap exploitation
- Around 87,000 exposed MongoDB instances are vulnerable; most are located in the United States, China and Germany
- Patch released December 19; MongoDB Atlas auto-patched, no abuse confirmed in the wild yet
MongoBleed, a high-severity vulnerability affecting multiple versions of MongoDB, can now be easily exploited, as proof-of-concept (PoC) code is publicly available on the web.
Earlier this week, security researcher Joe Desimone published code that exploits an “uninitialized heap read” vulnerability tracked as CVE-2025-14847. The flaw, rated 8.7/10 (high), stems from “incompatible length fields in Zlib compressed protocol headers”.
By sending a crafted message whose header claims a larger size than the payload actually unpacks to, an attacker can trick the server into allocating an oversized buffer; the unfilled portion of that buffer leaks in-memory data, which may contain sensitive information such as credentials, cloud keys, session tokens, API keys, configuration and other data. Attackers leveraging MongoBleed also do not require valid credentials to carry out the attack.
How to stay safe
In its report, BleepingComputer confirms that there are approximately 87,000 potentially vulnerable instances exposed on the public Internet, according to Censys data. The majority are in the United States (20,000), with notable cases in China (17,000) and Germany (around 8,000).
Here is a list of all vulnerable versions:
- MongoDB 8.2.0 to 8.2.3
- MongoDB 8.0.0 to 8.0.16
- MongoDB 7.0.0 to 7.0.26
- MongoDB 6.0.0 to 6.0.26
- MongoDB 5.0.0 to 5.0.31
- MongoDB 4.4.0 to 4.4.29
- All versions of MongoDB server v4.2
- All versions of MongoDB server v4.0
- All versions of MongoDB server v3.6
If you’re running any of the versions above, be sure to apply the patch: a fix for self-hosted instances has been available since December 19. Users running MongoDB Atlas do not need to do anything, since their instances have been patched automatically.
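To make the length-field mismatch concrete, here is an added Python example (not MongoDB's code) of the check a decoder of OP_COMPRESSED wire-protocol messages must enforce: the declared uncompressedSize is treated as a claim to verify against the real decompressed length, never as a buffer size to hand back. The opcode and compressor id follow the public wire-protocol format; the 48 MB bound and the build_op_compressed fixture are assumptions made for the demo.

```python
import struct
import zlib
from typing import Optional, Tuple

OP_COMPRESSED = 2012           # wire-protocol opcode for a compressed message
COMPRESSOR_ZLIB = 2            # compressorId assigned to zlib
MAX_UNCOMPRESSED = 48_000_000  # assumed sane upper bound for one message
HEADER_LEN = 16                # messageLength, requestID, responseTo, opCode
COMPRESSED_FIELDS_LEN = 9      # originalOpcode, uncompressedSize, compressorId


class MalformedMessage(ValueError):
    """Raised when a message must be dropped instead of decoded."""


def decode_op_compressed(msg: bytes) -> Tuple[int, bytes]:
    """Validate an OP_COMPRESSED message and return (originalOpcode, body).
    uncompressedSize is a claim to verify, not the amount of data to hand back:
    output is capped just above the claim and the real length must equal it."""
    if len(msg) < HEADER_LEN + COMPRESSED_FIELDS_LEN:
        raise MalformedMessage("message too short for OP_COMPRESSED")
    message_length, _req, _resp, op_code = struct.unpack_from("<iiii", msg, 0)
    if message_length != len(msg):
        raise MalformedMessage("messageLength disagrees with bytes received")
    if op_code != OP_COMPRESSED:
        raise MalformedMessage("opCode is not OP_COMPRESSED")
    original_opcode, declared, compressor_id = struct.unpack_from("<iiB", msg, HEADER_LEN)
    if compressor_id != COMPRESSOR_ZLIB:
        raise MalformedMessage("only zlib is handled here")
    if not 0 <= declared <= MAX_UNCOMPRESSED:
        raise MalformedMessage("uncompressedSize out of range")
    d = zlib.decompressobj()
    try:
        # declared+1 output bytes are enough to notice a stream that is longer
        # than claimed, without allocating the full over-declared buffer.
        body = d.decompress(msg[HEADER_LEN + COMPRESSED_FIELDS_LEN:], declared + 1)
    except zlib.error as exc:
        raise MalformedMessage(f"zlib stream corrupt: {exc}") from None
    if len(body) != declared or not d.eof or d.unused_data:
        raise MalformedMessage(f"declared {declared} bytes, stream yields {len(body)}")
    return original_opcode, body


def build_op_compressed(original_opcode: int, body: bytes,
                        declared: Optional[int] = None) -> bytes:
    """Constructed test fixture: frame body as OP_COMPRESSED; a wrong
    uncompressedSize can be written on purpose to exercise the check."""
    payload = zlib.compress(body)
    declared = len(body) if declared is None else declared
    tail = struct.pack("<iiB", original_opcode, declared, COMPRESSOR_ZLIB) + payload
    return struct.pack("<iiii", HEADER_LEN + len(tail), 1, 0, OP_COMPRESSED) + tail
```

A message whose header over-declares or under-declares the size is rejected before any data is returned; only a stream whose real length matches the claim is decoded.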
So far, there are no confirmed reports of abuse in the wild, although some researchers link MongoBleed to Ubisoft’s recent Rainbow Six Siege breach.
Via BleepingComputer