A critical vulnerability, CVE-2025-14847, known as “MongoBleed,” is currently being actively exploited in MongoDB Server. This flaw, with a high Bitsight Dynamic Vulnerability Exploit score of 9.71, allows attackers to remotely read uninitialized heap memory due to improper handling of zlib-compressed network message headers. While initially suspected to be a remote code execution issue, it has been clarified that the vulnerability does not facilitate code execution but rather enables the extraction of sensitive in-memory data like credentials and API keys. Public exploit code is available, and numerous MongoDB servers worldwide, particularly in the United States, China, and Germany, are at risk. MongoDB has released patches for its Atlas clusters, but self-hosted deployments remain vulnerable until updated. The vulnerability’s low complexity and lack of required user interaction make it a significant threat, emphasizing the urgent need for patching or disabling zlib compression to mitigate risks.
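The mitigation the summary names, disabling zlib as a negotiated wire-protocol compressor on a self-hosted server until it is patched, is controlled by the `net.compression.compressors` setting in `mongod.conf`. The following is an added illustration, not configuration from MongoDB or from the original report: it shows a permissive setting that still offers zlib beside a hardened one that removes it. The file path, bind address and port are assumed values for a typical Linux deployment; `net.compression.compressors` itself is a real MongoDB server option that takes a comma-separated list of `snappy`, `zstd`, `zlib`, or the single value `disabled`.

```yaml
# /etc/mongod.conf  (hypothetical path for this example)

# --- Weak: zlib remains available for clients to negotiate ---
# net:
#   bindIp: 127.0.0.1       # assumed value
#   port: 27017             # assumed value
#   compression:
#     compressors: snappy,zstd,zlib

# --- Hardened: zlib removed from the offered compressor list ---
net:
  bindIp: 127.0.0.1         # assumed value
  port: 27017               # assumed value
  compression:
    # Only compressors the server will agree to use; zlib is omitted so the
    # zlib-compressed message path described in the advisory is never reached.
    # Use "disabled" instead of this list to turn off wire compression entirely.
    compressors: snappy,zstd
```

Restart `mongod` after editing the file, and then confirm the running setting from `mongosh` with `db.adminCommand({ getCmdLineOpts: 1 })`, which reports the parsed `net.compression.compressors` value. Removing zlib is a stopgap that reduces exposure to the compressed-header path; it does not replace applying the vendor patch, which the summary identifies as the primary fix.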

