NG Solution Team
Technology

What is the MongoBleed vulnerability in MongoDB?

A critical security flaw in MongoDB Server, tracked as CVE-2025-14847 and dubbed “MongoBleed,” is being actively exploited. The vulnerability, which has a high Bitsight Dynamic Vulnerability Exploit (DVE) score of 9.71, arises from improper handling of zlib-compressed network message headers, which could allow attackers to remotely read uninitialized heap memory without authentication. Although it was initially suspected to enable remote code execution, it has since been clarified that the flaw primarily leads to the exposure of sensitive in-memory data, such as credentials and API keys.

Public proof-of-concept exploit code is available, and there are reports of ongoing exploitation attempts against vulnerable MongoDB servers. An urgent advisory has been issued calling for immediate patching, as an estimated 87,000 servers globally are at risk, with significant exposure in the United States, China, and Germany. MongoDB has confirmed that its Atlas clusters have been patched, but self-hosted deployments remain vulnerable until updated.
