#mongobleed

#mongobleed

A zlib decompression flaw (MongoBleed) in MongoDB 4.4–8.2.2 is actively exploited to extract server memory and sensitive data without authentication.

A zlib decompression flaw (CVE-2025-14847, MongoBleed) allows unauthenticated remote memory disclosure in default-enabled MongoDB, exposing sensitive data from many internet-exposed instances.