BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

CVE-2025-14847 ‘MongoBleed’ exposes 87,000 MongoDB Worldwide

MongoBleed (CVE-2025-14847): zlib compression flaw lets unauthenticated attackers leak MongoDB server memory — patches released; disable zlib, update versions, and restrict network exposure.

  • CVE-2025-14847 (nicknamed MongoBleed) lets unauthenticated attackers leak memory from MongoDB servers.
  • More than 87,000 potentially vulnerable instances were identified worldwide, many with default zlib compression enabled.
  • MongoDB has released patches and applied fixes to Atlas; administrators should update to the listed versions or disable zlib compression as a temporary measure.
  • Mitigations include restricting network exposure and monitoring logs for abnormal pre-authentication connections.

On Dec 29, 2026, researchers disclosed CVE-2025-14847, a high-severity vulnerability (CVSS 8.7) that lets unauthenticated actors read sensitive data from MongoDB server memory. The flaw, called MongoBleed, affects servers using zlib-based compression and is already being exploited in the wild.

- Advertisement -

A CVE (Common Vulnerabilities and Exposures) is a standardized identifier for a software security flaw. zlib is a widely used data compression library used to compress and decompress network messages.

OX Security reported that the issue stems from zlib message decompression and noted, “A flaw in zlib compression allows attackers to trigger information leakage,” adding that an attacker can extract data by sending malformed packets (see OX Security). Wiz described how malformed compressed network packets can expose uninitialized heap memory prior to authentication (see Wiz).

Researchers Merav Bar and Amitai Cohen explained the root cause: “The affected logic returned the allocated buffer size (output.length()) instead of the actual decompressed data length, allowing undersized or malformed payloads to expose adjacent heap memory,” as stated in the Wiz analysis.

Data from Censys shows more than 87,000 potentially vulnerable instances, concentrated in the U.S., China, Germany, India, and France. MongoDB advised updating to versions 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, and 4.4.30, and has applied patches to Atlas (see Patches for MongoDB Atlas).

- Advertisement -

The vulnerability also affects the Ubuntu rsync package, which uses zlib. Temporary mitigations include disabling zlib compression by starting mongod or mongos with networkMessageCompressors or net.compression.compressors options that omit zlib, restricting network exposure, and monitoring MongoDB logs for anomalous pre-authentication connections.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Crypto’s $2T Crash Awaits BlackRock Shock & FOMO

Bitcoin has stabilized near $60,000 after a downturn erased $2 trillion from the crypto...

Cambridge: Ethereum Energy Intensity Low, Overall Use High

Ethereum consumes roughly 7.87 GWh annually, the second-lowest energy intensity per market value among...

Saylor and Back oppose BIP-110 fork over Bitcoin security fears

Michael Saylor and Adam Back have publicly opposed BIP-110, a temporary Bitcoin fork proposal...

China, India groups target Pakistani police in cyber espionage

Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber...

AMD Stock Dips 10% Amid AI Volatility Ahead of Q3 Earnings

AMD stock fell nearly 10% from $580 on June 30 to roughly $516 by...

Must Read

The 13 Best Crypto Advertising Networks to Grow Your Project

TABLE OF CONTENTSWhy Traditional Ad Networks (Like Google & Facebook) Fail CryptoQuick-View Comparison TableHow to Choose the Right Crypto Ad Network for Your ProjectBest...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading