Database platform MongoDB disclosed CVE-2025-14847, called MongoBleed. This is an unauthenticated memory disclosure vulnerability with a CVSS score of 8.7.

Unit42 is a cybersecurity research team known for its  analysis of cyber threats, malware, and cyber attack trends. Through research reports, threat intelligence briefings, and data analysis, Unit42 offers insights into emerging cyber threats and adversary tactics. Readers can learn about threat detection methodologies, vulnerability trends, and cyber attack attribution to enhance their cybersecurity posture and protect their organizations from advanced cyber threats.

Unit 42

MongoDB disclosed CVE-2025-14847 (MongoBleed), a critical unauthenticated memory disclosure vulnerability with CVSS 8.7 that allows attackers to leak sensitive heap memory through malformed zlib-compressed messages. The flaw affects MongoDB versions 4.4 through 8.2, requires only network access to port 27017, and can expose credentials, API keys, and PII. CISA added it to the KEV catalog after confirming active exploitation, with approximately 146,000 vulnerable instances exposed to the internet. Immediate patching is recommended, with interim mitigations including network segmentation and disabling zlib compression. While exploitation requires thousands of requests creating detectable patterns, the vulnerability poses significant risk to unpatched self-hosted MongoDB servers.

Threat Brief: MongoDB Vulnerability (CVE-2025-14847)

Current Scope of the Attack Using CVE-2025-14847

Palo Alto Networks Product Protections for CVE-2025-14847