MongoDB recently patched CVE-2025-14847, a vulnerability affecting multiple supported and legacy MongoDB Server versions. According to the disclosure, the flaw can be exploited remotely by unauthentic

InfoQ is a leading online platform for software developers, architects, and technical leaders, providing news, articles, presentations, and interviews on a wide range of topics, including agile practices, DevOps, microservices, and emerging technologies. With a focus on quality content and expert insights, InfoQ helps professionals stay informed about the latest trends, best practices, and industry developments. Developers can learn from real-world experiences, gain  knowledge, and connect with peers in the global software community through InfoQ's diverse and engaging content.

InfoQ

MongoDB patched CVE-2025-14847 (MongoBleed), a critical vulnerability with CVSS score 8.7 that allows unauthenticated attackers to read sensitive data from heap memory. The flaw stems from improper handling of zlib-compressed network traffic and affects all MongoDB versions since 2017. Security researchers report active exploitation in the wild, with 42% of cloud environments having at least one vulnerable instance and roughly 87,000 potentially exposed servers worldwide. MongoDB Atlas instances are already patched, but self-hosted deployments require immediate updates. The vulnerability can be exploited remotely without authentication, making internet-exposed database servers particularly vulnerable.

MongoBleed Vulnerability Allows Attackers to Read Data From MongoDB's Heap Memory