MongoDB disclosed CVE-2025-14847 (MongoBleed), a critical unauthenticated memory disclosure vulnerability with CVSS 8.7 that allows attackers to leak sensitive heap memory through malformed zlib-compressed messages. The flaw affects MongoDB versions 4.4 through 8.2, requires only network access to port 27017, and can expose
7m read time • From unit42.paloaltonetworks.com
Table of contents
Executive Summary
Details of CVE-2025-14847
Current Scope of the Attack Using CVE-2025-14847
Interim Guidance
Unit 42 Managed Threat Hunting Queries
Conclusion
Palo Alto Networks Product Protections for CVE-2025-14847