MongoBleed Vulnerability Allows Attackers to Read Data From MongoDB's Heap Memory
Briefly

"Dubbed MongoBleed after the notoriously famous Heartbleed, the vulnerability has a CVSS score of 8.7 and is triggered by improper handling of zlib-compressed network traffic, allowing unauthenticated attackers to leak uninitialized memory and potentially steal sensitive data such as credentials or tokens from affected MongoDB servers. According to security researchers at Wiz, the flaw is being actively exploited in the wild."
"As stated in MongoDB's announcement, managed instances on MongoDB Atlas have already been patched, but self-hosted MongoDB deployments remain at risk if not updated. Organizations are strongly advised to apply security patches immediately or disable compression and restrict network exposure. Merav Bar, Amitai Cohen, Yaara Shriki, and Gili Tikochinski explain: CVE-2025-14847 stems from a flaw in MongoDB Server's zlib-based network message decompression logic, which is processed prior to authentication. By sending malformed, compressed network packets, an unauthenticated attacker can trigger the server to mishandle decompressed message lengths, resulting in uninitialized heap memory being returned to the client."
CVE-2025-14847 is a zlib-based decompression flaw affecting multiple supported and legacy MongoDB Server versions; because the decompression runs before authentication, it can be exploited remotely with no credentials. A malformed compressed packet causes the server to mishandle the decompressed message length and return uninitialized heap memory to the client, which can expose sensitive data such as credentials and tokens. Managed MongoDB Atlas instances have been patched; self-hosted deployments remain vulnerable until updated. Active exploitation has been observed in the wild. Immediate remediation is to apply the security patches; where that cannot happen at once, disable network compression (which removes the pre-authentication decompression path) and restrict network exposure of the server. Research indicates a significant exposure surface, with affected versions present in many cloud environments and tens of thousands of potentially exposed servers.
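The description above, that the server mishandles the decompressed message length and hands back uninitialized heap memory, points at a general failure class in length-prefixed compressed protocols: sizing an output buffer from a length the peer declares rather than from what the decompressor actually produced. The Python below is an added example, not MongoDB Server code, not the patch, and not the Wiz proof of concept. It assumes only the public OP_COMPRESSED wire layout (opcode 2012; int32 originalOpcode, int32 uncompressedSize, uint8 compressorId with 2 = zlib) and constructs its own message body and "stale heap" bytes; the 48 MiB message cap is an assumption. It places an unsafe decoder that trusts the declared size beside a checked decoder that rejects any mismatch.

```python
"""
OP_COMPRESSED frame check for MongoDB wire traffic.

Added example; this is not MongoDB Server code and not the Wiz proof of
concept. It shows the failure class the article describes: a decoder that
sizes its output from the peer-declared uncompressedSize instead of the
number of bytes zlib actually produced. The frame layout follows the public
MongoDB wire protocol (OP_COMPRESSED opcode 2012, compressor id 2 = zlib);
the payload and the "stale heap" bytes are constructed for illustration.
"""
import struct
import zlib
from typing import Optional, Tuple

OP_MSG = 2013
OP_COMPRESSED = 2012
COMPRESSOR_ZLIB = 2
HEADER = struct.Struct("<iiii")         # messageLength, requestID, responseTo, opCode
COMPRESSED_HDR = struct.Struct("<iiB")  # originalOpcode, uncompressedSize, compressorId
MAX_MESSAGE = 48 * 1024 * 1024          # assumption: cap on a decompressed message


def build_op_compressed(payload: bytes, declared_size: Optional[int] = None,
                        request_id: int = 1) -> bytes:
    """Wrap a message body in an OP_COMPRESSED frame using zlib.

    declared_size lets the caller build a malformed frame whose header
    claims more uncompressed bytes than the zlib stream really holds.
    """
    compressed = zlib.compress(payload)
    size = len(payload) if declared_size is None else declared_size
    body = COMPRESSED_HDR.pack(OP_MSG, size, COMPRESSOR_ZLIB) + compressed
    header = HEADER.pack(HEADER.size + len(body), request_id, 0, OP_COMPRESSED)
    return header + body


def split_frame(frame: bytes) -> Tuple[int, int, bytes]:
    """Return (originalOpcode, declared uncompressedSize, compressed bytes)."""
    if len(frame) < HEADER.size + COMPRESSED_HDR.size:
        raise ValueError("frame shorter than OP_COMPRESSED headers")
    msg_len, _req, _resp, opcode = HEADER.unpack_from(frame, 0)
    if msg_len != len(frame) or opcode != OP_COMPRESSED:
        raise ValueError("not a complete OP_COMPRESSED frame")
    orig_op, declared, comp_id = COMPRESSED_HDR.unpack_from(frame, HEADER.size)
    if comp_id != COMPRESSOR_ZLIB:
        raise ValueError(f"unsupported compressor id {comp_id}")
    return orig_op, declared, frame[HEADER.size + COMPRESSED_HDR.size:]


def decode_trusting_declared_size(frame: bytes, stale_heap: bytes) -> bytes:
    """Unsafe decoder, kept only to show the bug class.

    The output buffer is sized from the declared length, zlib's output is
    copied into the front, and the whole buffer is handed back. stale_heap
    stands in for whatever a recycled allocation still contained.
    """
    _, declared, compressed = split_frame(frame)
    out = bytearray(stale_heap[:declared].ljust(declared, b"\x00"))
    inflated = zlib.decompress(compressed)
    out[:len(inflated)] = inflated   # bug: bytes past len(inflated) stay stale
    return bytes(out)


def decode_checked(frame: bytes) -> bytes:
    """Hardened decoder: bound the declared size, inflate with a hard output
    cap, require a complete stream, and require that the produced length
    equals the declared length. Anything else is rejected before use."""
    _, declared, compressed = split_frame(frame)
    if declared < 0 or declared > MAX_MESSAGE:
        raise ValueError(f"declared size {declared} out of range")
    d = zlib.decompressobj()
    inflated = d.decompress(compressed, MAX_MESSAGE + 1)
    if not d.eof or d.unused_data:
        raise ValueError("zlib stream truncated or followed by trailing bytes")
    if len(inflated) != declared:
        raise ValueError(
            f"decompressed {len(inflated)} bytes but header declared {declared}")
    return inflated


def classify(frame: bytes) -> str:
    """'ok' if the checked decoder accepts the frame, else the rejection reason."""
    try:
        decode_checked(frame)
        return "ok"
    except (ValueError, zlib.error) as exc:
        return str(exc)


if __name__ == "__main__":
    body = b"\x00\x00\x00\x00" + b"{constructed OP_MSG body}"  # placeholder, not real BSON
    stale = b"password=hunter2;session=0123456789abcdef;" * 2  # constructed leftovers
    good = build_op_compressed(body)
    bad = build_op_compressed(body, declared_size=len(body) + 24)
    print("well-formed:", classify(good))
    print("malformed  :", classify(bad))
    print("unsafe decoder leaks:", decode_trusting_declared_size(bad, stale)[len(body):])
```

The checked decoder is the shape a server-side fix takes: the declared length is treated as a claim to verify, never as an allocation size to trust, and a short or over-long zlib stream is rejected instead of being padded from whatever the buffer held. The unsafe decoder shows why the summary's mitigation works: if compression is disabled, this decode path is never reached before authentication.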
Read at InfoQ