- MongoBleed (CVE-2025-14847) leaks sensitive data via uninitialized heap memory exploitation
- About 87,000 exposed MongoDB instances vulnerable; most located in the USA, China and Germany
- Patch released December 19; MongoDB Atlas auto-patched, no confirmed in-the-wild exploits yet
MongoBleed, a high-severity vulnerability that plagues multiple versions of MongoDB, can now be easily exploited as a proof-of-concept (PoC) is now available online.
Earlier this week, security researcher Joe Desimone published code that exploits a “read uninitialized heap memory” vulnerability tracked as CVE-2025-14847. This vulnerability, rated 8.7/10 (high), originates from “unmatched length fields in Zlib compressed protocol headers”.
By sending a poisoned message that claims a larger size when decompressed, the attacker can cause the server to allocate a larger memory buffer through which they would leak in-memory data containing sensitive information such as credentials, cloud keys, session tokens, API keys, configurations, and other data.
How to stay safe
What’s more – the attackers exploiting MongoBleed do not need valid credentials to complete the attack.
In its write-up, BleepingComputer confirms that there are about 87,000 potentially vulnerable instances exposed on the public Internet, according to data from Censys. The majority are located in the United States (20,000), with notable cases in China (17,000) and Germany (around 8,000).
Here is a list of all the vulnerable versions:
MongoDB 8.2.0 to 8.2.3
MongoDB 8.0.0 to 8.0.16
MongoDB 7.0.0 to 7.0.26
MongoDB 6.0.0 to 6.0.26
MongoDB 5.0.0 to 5.0.31
MongoDB 4.4.0 to 4.4.29
All MongoDB Server v4.2 versions
All MongoDB Server v4.0 versions
All MongoDB Server v3.6 versions
If you’re running any of the above, be sure to patch – a fix for self-hosted instances has been available since December 19th. Users running MongoDB Atlas do not need to do anything as their instances were automatically patched.
So far, there are no confirmed reports of in-the-wild abuse, although some researchers link MongoBleed to the recent Ubisoft Rainbow Six Siege breach.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
