A recently patched and publicly disclosed security vulnerability in MongoDB, which enables the theft of confidential data, has been actively used in attacks. The publication of a PoC has increased the threat; administrators should update the product as soon as possible.
The cause of the CVE-2025-14847 issue, codenamed MongoBleed, is a logic error in the zlib data decompression implementation, and the flaw is reachable before authentication.
Upon receiving a message from a client, the MongoDB server blindly trusts the data size declared in the transfer and may therefore return the contents of uninitialized heap memory.
As a result, by sending multiple requests to the server, an unauthenticated attacker can obtain sensitive information such as internal state and pointers. No interaction with legitimate users is needed.
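The bug class the article describes, as an added illustration that is not MongoDB's code and does not reproduce its internals: a server inflates a zlib stream into a buffer sized from the length the peer declared, then hands back the whole buffer even when the stream produced fewer bytes, so the tail is never-written heap memory. The stale pattern, the size cap and the function names are constructed for this example; the hardened variant bounds the declared length and returns only what the decompressor actually wrote.

```python
import zlib

# Constructed stand-in for whatever a freshly allocated heap block still contains
# (leftovers of an earlier message). Real uninitialised memory is unpredictable;
# a fixed pattern just makes the leak visible in this illustration.
STALE_HEAP_PATTERN = b"<earlier msg: user=dbadmin ptr=0x7f3e2c10>"

# Constructed upper bound on what one message may inflate to (hypothetical value).
MAX_DECOMPRESSED_LEN = 1 << 20

SAMPLE_PAYLOAD = b"hello world"            # inflates to 11 bytes
SAMPLE_COMPRESSED = zlib.compress(SAMPLE_PAYLOAD)


def fresh_heap_buffer(size: int) -> bytearray:
    """Simulate malloc(size) without zeroing: the block comes back full of stale data."""
    reps = size // len(STALE_HEAP_PATTERN) + 1
    return bytearray((STALE_HEAP_PATTERN * reps)[:size])


def decompress_trusting_header(compressed: bytes, declared_len: int) -> bytes:
    """Vulnerable pattern (constructed illustration).

    The buffer is sized from the peer-declared length and the *whole* buffer is
    returned, whether or not the stream actually inflated to that many bytes.
    Any shortfall is handed back as never-written heap memory.
    """
    buf = fresh_heap_buffer(declared_len)
    d = zlib.decompressobj()
    out = d.decompress(compressed, declared_len)   # max_length: never writes past buf
    buf[:len(out)] = out
    return bytes(buf)                               # len == declared_len, always


def decompress_checked(compressed: bytes, declared_len: int) -> bytes:
    """Hardened pattern: bound the declared size, then trust only what inflate wrote."""
    if not 0 < declared_len <= MAX_DECOMPRESSED_LEN:
        raise ValueError(f"declared length {declared_len} out of range")
    out = zlib.decompress(compressed, bufsize=declared_len)   # full stream or zlib.error
    if len(out) != declared_len:
        raise ValueError(f"header declared {declared_len} bytes, stream inflated to {len(out)}")
    buf = fresh_heap_buffer(declared_len)
    buf[:len(out)] = out
    return bytes(buf[:len(out)])       # only bytes the decompressor produced


if __name__ == "__main__":
    leaky = decompress_trusting_header(SAMPLE_COMPRESSED, 40)
    print("vulnerable path returned:", leaky)        # payload followed by stale heap bytes
    print("hardened path returned:", decompress_checked(SAMPLE_COMPRESSED, 11))
    try:
        decompress_checked(SAMPLE_COMPRESSED, 40)
    except ValueError as exc:
        print("hardened path rejected over-declared length:", exc)
```

The check in `decompress_checked` compares the declared size against the decompressor's own output length rather than against the header, which is the property the article says the vulnerable server lacked; the size cap additionally stops an absurd declared length from driving a large allocation.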
The vulnerability received a CVSS score of 8.7 and affects multiple versions of the MongoDB DBMS, both supported and end-of-life. Ubuntu is also affected.
The patch released this month ships in builds 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32 and 4.4.30. Because of the ongoing attacks and the publication of PoC code on GitHub, users are advised to update as soon as possible.
If that is not possible, you can temporarily disable zlib compression, restrict network access to the MongoDB server, and monitor logs for unusual unauthenticated connections.
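One way to act on the last of those interim measures, added here as an example that is not part of the original article: a first-pass triage of the server's structured log that flags source addresses opening many connections in a short window without ever authenticating. The log lines below are constructed, and the field names (`t.$date`, `c`, `msg`, `attr.remote`, `attr.client`) are assumed to mirror MongoDB's JSON log format; adjust them to what your deployment actually emits. (Disabling zlib corresponds to removing it from the `net.compression.compressors` list, or the equivalent `--networkMessageCompressors` option.)

```python
import json
from collections import defaultdict
from datetime import datetime


def _line(ts: str, component: str, msg: str, attr: dict) -> str:
    """Build one constructed JSON log line in the assumed structured-log shape."""
    return json.dumps({"t": {"$date": ts}, "s": "I", "c": component,
                       "ctx": "listener", "msg": msg, "attr": attr})


# Constructed sample log: one source (203.0.113.7) opens 25 connections in under
# 30 seconds and never authenticates; an application host (10.0.0.5) opens three
# connections and authenticates on each.
SAMPLE_LOG = []
for i in range(25):
    ts = f"2025-12-20T10:00:{i * 1.2:06.3f}+00:00"
    SAMPLE_LOG.append(_line(ts, "NETWORK", "Connection accepted",
                            {"remote": f"203.0.113.7:{51000 + i}", "connectionId": 100 + i}))
for i in range(3):
    ts = f"2025-12-20T10:00:{5 + i * 10:02d}.000+00:00"
    SAMPLE_LOG.append(_line(ts, "NETWORK", "Connection accepted",
                            {"remote": f"10.0.0.5:{43210 + i}", "connectionId": 200 + i}))
    SAMPLE_LOG.append(_line(ts, "ACCESS", "Successfully authenticated",
                            {"user": "app", "db": "admin", "client": f"10.0.0.5:{43210 + i}"}))


def parse_event(line: str):
    """Return (timestamp, component, message, source_ip) for one JSON log line."""
    rec = json.loads(line)
    ts = datetime.fromisoformat(rec["t"]["$date"])
    attr = rec.get("attr", {})
    endpoint = attr.get("remote") or attr.get("client") or ""
    ip = endpoint.rsplit(":", 1)[0]          # strip the port; keeps "[::1]" intact
    return ts, rec.get("c"), rec.get("msg"), ip


def suspicious_sources(lines, window_seconds: int = 60, threshold: int = 20) -> dict:
    """Map source IP -> peak accepted connections inside any window, for sources that
    reached the threshold and never authenticated successfully in the log."""
    accepted = defaultdict(list)
    authenticated = set()
    for line in lines:
        ts, component, msg, ip = parse_event(line)
        if component == "NETWORK" and msg == "Connection accepted":
            accepted[ip].append(ts)
        elif component == "ACCESS" and msg == "Successfully authenticated":
            authenticated.add(ip)

    flagged = {}
    for ip, times in accepted.items():
        if ip in authenticated:
            continue                           # triage choice: known-good clients skipped
        times.sort()
        peak, start = 0, 0
        for end, t in enumerate(times):        # sliding window over sorted timestamps
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    for ip, count in suspicious_sources(SAMPLE_LOG).items():
        print(f"{ip}: {count} unauthenticated connections within 60s")
```

Skipping sources that authenticated at least once is a triage shortcut, not a proof of legitimacy; tune `window_seconds` and `threshold` to the connection rate your clients normally produce, and pair the log review with the network restriction the article recommends.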
An internet scan conducted by Censys identified more than 87,000 potentially vulnerable MongoDB instances, with the highest concentration in the US, China and Germany.