@alon710
Created January 24, 2026 22:44
CVE-2025-14847: MongoBleed: The Heartbleed of Databases (CVE-2025-14847)

CVSS Score: 8.7
Published: 2025-12-19
Full Report: https://cvereports.com/reports/CVE-2025-14847

Summary

A critical, unauthenticated heap memory disclosure vulnerability in MongoDB's wire protocol handling allows attackers to bleed secrets—including passwords and AWS keys—directly from server memory.

TL;DR

Dubbed 'MongoBleed', this vulnerability mimics the infamous Heartbleed bug. By sending a crafted compressed packet, an unauthenticated attacker can trick the server into treating uninitialized heap memory as valid data. When the parser inevitably chokes on the garbage data, it helpfully echoes it back in an error message, leaking sensitive secrets like admin credentials and session tokens.

Exploit Status: ACTIVE

Technical Details

  • CWE ID: CWE-200 (Exposure of Sensitive Information)
  • CVSS v4.0: 8.7 (High)
  • Attack Vector: Network (Unauthenticated)
  • EPSS Score: 77.17%
  • Exploit Status: Active / Weaponized
  • Component: message_compressor_zlib.cpp
  • Protocol: OP_COMPRESSED (2012)

Affected Systems

  • MongoDB Server: 8.2.0 - 8.2.2 (Fixed in: 8.2.3)
  • MongoDB Server: 8.0.0 - 8.0.16 (Fixed in: 8.0.17)
  • MongoDB Server: 7.0.0 - 7.0.27 (Fixed in: 7.0.28)
  • MongoDB Server: 6.0.0 - 6.0.26 (Fixed in: 6.0.27)
  • MongoDB Server: 5.0.0 - 5.0.31 (Fixed in: 5.0.32)
  • MongoDB Server: 4.4.0 - 4.4.29 (Fixed in: 4.4.30)
  • MongoDB Server: 3.6, 4.0, 4.2 (All versions affected; Fixed in: None (EOL))

Mitigation

  • Upgrade to patched MongoDB binaries immediately.
  • Disable zlib compression in the network configuration.
  • Restrict network access to port 27017 using firewalls/security groups.

Remediation Steps:

  1. Identify vulnerable instances: Check mongod --version against the affected list.
  2. Apply Patch: Upgrade to 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, or 4.4.30.
  3. Emergency Workaround: If patching is delayed, edit mongod.conf. Under net.compression.compressors, remove zlib.
  4. Restart the mongod service to apply changes.
  5. Rotate Credentials: Assume all database passwords and keys on exposed servers are compromised.
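Added helper for remediation steps 1 and 3 above; this is example code written for this note, not from the CVE report or from MongoDB. It assumes mongod --version prints "db version vX.Y.Z" on its first line and that mongod.conf uses the comma-separated string form of net.compression.compressors; the version ranges are the ones listed under Affected Systems.

```shell
#!/bin/sh
# Added helper for remediation steps 1 and 3; not code from the CVE report or MongoDB.
# Assumes "mongod --version" prints "db version vX.Y.Z" on its first line and that
# mongod.conf uses the comma-separated string form of net.compression.compressors.

# Step 1: return 0 if MAJOR.MINOR.PATCH falls in an affected range from this report.
mongobleed_affected() {
  v=$1
  major=${v%%.*}; rest=${v#*.}; minor=${rest%%.*}
  patch=${rest#*.}; [ "$patch" = "$rest" ] && patch=0   # "8.2" -> patch 0
  patch=${patch%%[!0-9]*}; patch=${patch:-0}            # drop suffixes such as "-rc1"
  case "$major.$minor" in
    8.2) [ "$patch" -le 2 ] ;;
    8.0) [ "$patch" -le 16 ] ;;
    7.0) [ "$patch" -le 27 ] ;;
    6.0) [ "$patch" -le 26 ] ;;
    5.0) [ "$patch" -le 31 ] ;;
    4.4) [ "$patch" -le 29 ] ;;
    3.6|4.0|4.2) return 0 ;;                            # EOL branches: every release affected
    *) return 1 ;;
  esac
}

# Check the mongod on PATH (returns 1 if none is installed).
installed_mongod_affected() {
  ver=$(mongod --version 2>/dev/null | sed -n 's/^db version v//p' | head -n 1)
  [ -n "$ver" ] && mongobleed_affected "$ver"
}

# Step 3: filter mongod.conf on stdin, dropping zlib from the compressors list.
# If zlib was the only compressor, the value becomes "disabled" (MongoDB's documented
# value for turning network compression off) instead of an empty string.
strip_zlib() {
  while IFS= read -r line; do
    case "$line" in
      *compressors:*)
        key=${line%%:*}; val=${line#*:}; new=""
        old_ifs=$IFS; IFS=,
        for c in $val; do
          c=$(printf '%s' "$c" | tr -d ' \t')
          [ "$c" = zlib ] && continue
          new="${new:+$new,}$c"
        done
        IFS=$old_ifs
        printf '%s: %s\n' "$key" "${new:-disabled}" ;;
      *) printf '%s\n' "$line" ;;
    esac
  done
}
```

Run as `strip_zlib < /etc/mongod.conf > mongod.conf.new`, review the diff, then restart mongod (step 4); the script deliberately never writes the live config in place.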

Generated by CVEReports - Automated Vulnerability Intelligence
