CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.


© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



CVE-2025-14847
CVSS 8.7 · EPSS 77.17%

MongoBleed: The Heartbleed of Databases (CVE-2025-14847)

Alon Barad
Software Engineer

Jan 1, 2026 · 5 min read · 10 visits

Active Exploitation · CISA KEV Listed · Ransomware Use

Executive Summary (TL;DR)

Dubbed 'MongoBleed', this vulnerability mimics the infamous Heartbleed bug. By sending a crafted compressed packet, an unauthenticated attacker can trick the server into treating uninitialized heap memory as valid data. When the parser inevitably chokes on the garbage data, it helpfully echoes it back in an error message, leaking sensitive secrets like admin credentials and session tokens.

A critical, unauthenticated heap memory disclosure vulnerability in MongoDB's wire protocol handling allows attackers to bleed secrets—including passwords and AWS keys—directly from server memory.
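The check a hardened OP_COMPRESSED decoder needs, as an added illustration that is not code from this report or from MongoDB: it assumes the defect is the one the summary describes (the declared uncompressedSize being trusted instead of the byte count the inflater actually produced), uses the documented OP_COMPRESSED layout, and constructs its own test frames; the 48 MiB cap and the empty-BSON-document payload are assumptions for the demo.

```python
import struct
import zlib

OP_COMPRESSED = 2012        # opCode of a compressed wire-protocol message
OP_MSG = 2013               # opcode most commonly wrapped inside OP_COMPRESSED
ZLIB_COMPRESSOR_ID = 2      # compressorId values: 0 noop, 1 snappy, 2 zlib, 3 zstd
MSG_HEADER = struct.Struct("<iiii")   # messageLength, requestID, responseTo, opCode
COMP_HEADER = struct.Struct("<iiB")   # originalOpcode, uncompressedSize, compressorId
EMPTY_BSON_DOC = b"\x05\x00\x00\x00\x00"   # constructed sample payload: an empty BSON document


def build_op_compressed(original_opcode, payload, declared_size=None, request_id=1):
    """Build a zlib OP_COMPRESSED frame as a test vector. declared_size lets a
    test vector claim an uncompressedSize that the zlib stream will not deliver."""
    body = zlib.compress(payload)
    size = len(payload) if declared_size is None else declared_size
    length = MSG_HEADER.size + COMP_HEADER.size + len(body)
    return (MSG_HEADER.pack(length, request_id, 0, OP_COMPRESSED)
            + COMP_HEADER.pack(original_opcode, size, ZLIB_COMPRESSOR_ID) + body)


def decompress_checked(frame, max_size=48 * 1024 * 1024):
    """Inflate an OP_COMPRESSED frame and return (originalOpcode, payload).
    A decoder that hands the parser a buffer of uncompressedSize bytes without
    confirming the inflater actually filled it exposes whatever the buffer held
    before; this one rejects any frame whose inflated length differs."""
    if len(frame) < MSG_HEADER.size + COMP_HEADER.size:
        raise ValueError("truncated frame")
    length, _, _, opcode = MSG_HEADER.unpack_from(frame, 0)
    if opcode != OP_COMPRESSED or length != len(frame):
        raise ValueError("not a well-formed OP_COMPRESSED frame")
    orig, declared, comp_id = COMP_HEADER.unpack_from(frame, MSG_HEADER.size)
    if comp_id != ZLIB_COMPRESSOR_ID:
        raise ValueError("unsupported compressorId %d" % comp_id)
    if not 0 < declared <= max_size:            # negative, zero or absurd sizes (assumed cap)
        raise ValueError("uncompressedSize %d out of range" % declared)
    inflater = zlib.decompressobj()
    # Cap output at declared+1 so an oversized stream is caught without inflating it fully.
    out = inflater.decompress(frame[MSG_HEADER.size + COMP_HEADER.size:], declared + 1)
    if not inflater.eof or inflater.unused_data or len(out) != declared:
        raise ValueError("inflated %d bytes, header declared %d" % (len(out), declared))
    return orig, out


if __name__ == "__main__":
    good = build_op_compressed(OP_MSG, EMPTY_BSON_DOC)
    print(decompress_checked(good))                       # (2013, b'\x05\x00\x00\x00\x00')
    lying = build_op_compressed(OP_MSG, EMPTY_BSON_DOC, declared_size=4096)
    try:
        decompress_checked(lying)
    except ValueError as err:
        print("rejected:", err)
```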

Official Patches

MongoDB: Official MongoDB Security Alert


CVSS Score: 8.7 / 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Probability: 77.17% (top 4% most exploited)
Estimated exposed hosts via Shodan: 45,000

Affected Systems

  • MongoDB Server 8.2.0 - 8.2.2
  • MongoDB Server 8.0.0 - 8.0.16
  • MongoDB Server 7.0.0 - 7.0.27
  • MongoDB Server 6.0.0 - 6.0.26
  • MongoDB Server 5.0.0 - 5.0.31
  • MongoDB Server 4.4.0 - 4.4.29
  • MongoDB Server 3.6, 4.0, 4.2 (all versions, EOL)

Affected Versions Detail

Product          Vendor         Affected Versions   Fixed Version
MongoDB Server   MongoDB Inc.   8.2.0 - 8.2.2       8.2.3
MongoDB Server   MongoDB Inc.   8.0.0 - 8.0.16      8.0.17
MongoDB Server   MongoDB Inc.   7.0.0 - 7.0.27      7.0.28
MongoDB Server   MongoDB Inc.   6.0.0 - 6.0.26      6.0.27
MongoDB Server   MongoDB Inc.   5.0.0 - 5.0.31      5.0.32
MongoDB Server   MongoDB Inc.   4.4.0 - 4.4.29      4.4.30
MongoDB Server   MongoDB Inc.   3.6, 4.0, 4.2       None (EOL)

Attribute: Detail
CWE ID: CWE-200 (Exposure of Sensitive Information)
CVSS v4.0: 8.7 (High)
Attack Vector: Network (Unauthenticated)
EPSS Score: 77.17%
Exploit Status: Active / Weaponized
Component: message_compressor_zlib.cpp
Protocol: OP_COMPRESSED (2012)

MITRE ATT&CK Mapping

  • T1190 Exploit Public-Facing Application (Initial Access)
  • T1005 Data from Local System (Collection)
  • T1555 Credentials from Password Stores (Credential Access)

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an unauthorized actor by sending it back in an error message or other response.

Known Exploits & Detection

  • Metasploit: Auxiliary scanner module for MongoBleed
  • GitHub: Python PoC to extract heap dumps
  • Nuclei: Detection template available

Vulnerability Timeline

  • 2025-12-01: Vulnerability privately reported to MongoDB
  • 2025-12-15: Patches released for supported versions
  • 2025-12-20: Public PoC 'mongobleeder' released
  • 2025-12-29: Added to CISA KEV Catalog

References & Sources

  • [1] MongoDB JIRA Ticket (Restricted)
  • [2] CISA KEV Catalog

Attack Flow Diagram
