- MongoBleed (CVE-2025-14847) leaks sensitive data by exploiting uninitialized dynamic memory
- Approximately 87,000 exposed MongoDB instances are vulnerable; most are located in the US, China and Germany.
- Patch released December 19; MongoDB Atlas automatically patched, no abuse confirmed in the wild yet
MongoBleed, a high-severity vulnerability affecting multiple versions of MongoDB, can now be exploited with little effort, since a proof of concept (PoC) is publicly available.
Earlier this week, security researcher Joe Desimone published code that exploits an “uninitialized dynamic memory read” vulnerability tracked as CVE-2025-14847. This vulnerability, rated 8.7/10 (high), is due to “mismatched length fields in Zlib compressed protocol headers.”
By sending a poisoned message whose compressed header claims a larger decompressed size than the payload actually has, the attacker can make the server allocate an oversized buffer; the part of that buffer the decompressed data never fills is returned uninitialized, leaking in-memory data such as credentials, cloud keys, session tokens, API keys, configuration and other sensitive information.
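The length mismatch described above, as an added example that is not from the article or the MongoDB project: a constructed OP_COMPRESSED-style frame, a model of a decoder that trusts the declared size, and a hardened decoder that rejects a declared size the decompressed data does not match. The field layout, opcode and compressorId values are my assumptions about the wire protocol, and STALE_HEAP is a constructed stand-in for leftover heap contents.

```python
import struct
import zlib

OP_COMPRESSED = 2012           # assumed wire opCode of a compressed message
ZLIB_COMPRESSOR_ID = 2         # assumed compressorId value for zlib
MAX_MESSAGE = 48 * 1024 * 1024 # assumed upper bound for a decompressed message
STALE_HEAP = b"admin:hunter2;AWS_SECRET=EXAMPLEKEY;"  # constructed stand-in for leftover heap bytes


def build_compressed(payload: bytes, claimed_size: int, original_opcode: int = 2013) -> bytes:
    """Build an OP_COMPRESSED frame. An honest sender sets claimed_size == len(payload)."""
    extra = struct.pack("<iiB", original_opcode, claimed_size, ZLIB_COMPRESSOR_ID) + zlib.compress(payload)
    return struct.pack("<iiii", 16 + len(extra), 1, 0, OP_COMPRESSED) + extra


def _fields(frame: bytes):
    """Parse the standard header plus the compressed-message header; return (claimed, compressor, body)."""
    msg_len, _req, _resp, opcode = struct.unpack_from("<iiii", frame, 0)
    if opcode != OP_COMPRESSED or msg_len != len(frame):
        raise ValueError("not a well-formed OP_COMPRESSED frame")
    _orig, claimed, comp = struct.unpack_from("<iiB", frame, 16)
    return claimed, comp, frame[25:]


def decode_unchecked(frame: bytes) -> bytes:
    """Model of the flawed behaviour: the buffer is sized from uncompressedSize, the real
    decompressed bytes are copied in, and the whole buffer is handed onward. Bytes past the
    real data are whatever the allocator left there (simulated here by STALE_HEAP)."""
    claimed, _comp, body = _fields(frame)
    buf = bytearray((STALE_HEAP * (claimed // len(STALE_HEAP) + 1))[:claimed])
    data = zlib.decompress(body)
    buf[: len(data)] = data
    return bytes(buf)


def decode_checked(frame: bytes) -> bytes:
    """Hardened form: bound the inflated output and require its length to equal uncompressedSize."""
    claimed, comp, body = _fields(frame)
    if comp != ZLIB_COMPRESSOR_ID:
        raise ValueError("unsupported compressorId")
    if not 0 < claimed <= MAX_MESSAGE:
        raise ValueError("uncompressedSize out of range")
    d = zlib.decompressobj()
    data = d.decompress(body, claimed + 1)  # never inflate more than claimed + 1 bytes
    if len(data) != claimed or not d.eof or d.unused_data:
        raise ValueError("uncompressedSize does not match decompressed length")
    return data
```

Run decode_unchecked and decode_checked on a frame built with an inflated claimed_size to see the first return stale bytes after the payload while the second raises.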
What’s more, attackers who exploit MongoBleed do not need valid credentials to carry out the attack.
How to stay safe
In its article, BleepingComputer confirms that approximately 87,000 potentially vulnerable instances are exposed on the public Internet, according to Censys data. Most are in the United States (20,000), followed by China (17,000) and Germany (about 8,000).
The vulnerable versions are:
- MongoDB 8.2.0 to 8.2.3
- MongoDB 8.0.0 to 8.0.16
- MongoDB 7.0.0 to 7.0.26
- MongoDB 6.0.0 to 6.0.26
- MongoDB 5.0.0 to 5.0.31
- MongoDB 4.4.0 to 4.4.29
- All versions of MongoDB Server v4.2
- All versions of MongoDB Server v4.0
- All versions of MongoDB Server v3.6
If you’re running any of the above versions, be sure to apply the patch: a fix for self-hosted instances has been available since December 19. Users of MongoDB Atlas do not need to do anything, as their instances have been patched automatically.
So far, there are no confirmed reports of abuse in the wild, although some researchers have linked MongoBleed to the recent Ubisoft Rainbow Six Siege breach.
Via BleepingComputer