Source: BleepingComputer

CISA orders feds to patch MongoBleed flaw exploited in attacks

Tuesday, December 30, 2025

What

A high-severity vulnerability (CVE-2025-14847, dubbed MongoBleed) in MongoDB Server's zlib compression processing allows unauthenticated remote data theft. CISA mandated U.S. federal agencies patch this actively exploited flaw due to significant risk to sensitive data.

Where

U.S. Federal Civilian Executive Branch (FCEB) agencies, and potentially over 87,000 Internet-exposed MongoDB instances globally, with significant cloud impact.

When

Patched December 19, 2025; CISA order issued December 30, 2025, with a deadline of January 19, 2026.

Key Factors

  • The MongoBleed flaw (CVE-2025-14847) in MongoDB Server's zlib compression processing enables unauthenticated remote theft of sensitive data like credentials and PII.
  • Over 87,000 Internet-exposed MongoDB instances are potentially vulnerable, with cloud telemetry indicating 42% of visible systems run an affected version.
  • CISA has confirmed active exploitation and mandated U.S. Federal Civilian Executive Branch agencies patch within three weeks.

Takeaways

  • Immediately apply vendor patches for CVE-2025-14847 or disable zlib compression on MongoDB servers if patching is not feasible, and use the provided detector.
  • Organizations must prioritize patching actively exploited vulnerabilities, especially those allowing unauthenticated remote access to critical data, to prevent significant enterprise risk.
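One way to verify the "disable zlib compression" mitigation across a fleet, as an added example that is not from the article or from MongoDB: it reads the compressor list a mongod reports through the getCmdLineOpts command and flags servers that would still negotiate zlib. That the mitigation maps to the net.compression.compressors setting, that the default list includes zlib, and that the value "disabled" turns compression off are assumptions about the server's documented options.

```python
"""Audit a mongod's network-compression setting for zlib (added example,
not code from the article or from MongoDB). Assumes: the compressor list
is governed by the documented setting net.compression.compressors
(CLI --networkMessageCompressors), the server default when unset includes
zlib, and the value "disabled" turns compression off entirely."""
from __future__ import annotations

DEFAULT_COMPRESSORS = ("snappy", "zstd", "zlib")  # assumed default


def configured_compressors(cmdline_opts: dict) -> tuple[str, ...]:
    """Return the compressor list from a getCmdLineOpts reply document."""
    value = (cmdline_opts.get("parsed", {}).get("net", {})
             .get("compression", {}).get("compressors"))
    if value is None:
        return DEFAULT_COMPRESSORS
    if isinstance(value, str):  # config file/CLI give a comma-separated string
        value = value.split(",")
    names = tuple(c.strip() for c in value if c.strip())
    return () if names == ("disabled",) else names


def zlib_enabled(cmdline_opts: dict) -> bool:
    """True if the server would still negotiate zlib with clients."""
    return "zlib" in configured_compressors(cmdline_opts)


def audit(cmdline_opts: dict) -> str:
    """One-line verdict for a fleet inventory report."""
    active = configured_compressors(cmdline_opts)
    if "zlib" in active:
        return "ACTION: zlib enabled (%s); patch or drop zlib" % ",".join(active)
    return "OK: zlib disabled (active: %s)" % (",".join(active) or "none")


def audit_live(uri: str) -> str:
    """Query a running server; needs pymongo and a role allowed getCmdLineOpts."""
    from pymongo import MongoClient  # optional dependency, imported lazily
    client = MongoClient(uri, serverSelectionTimeoutMS=3000)
    return audit(client.admin.command("getCmdLineOpts"))


# Constructed sample replies in the shape returned by getCmdLineOpts.
def _reply(compressors):
    net = {} if compressors is None else {"compression": {"compressors": compressors}}
    return {"argv": ["mongod"], "parsed": {"net": net}, "ok": 1}

UNSET_REPLY = _reply(None)              # setting absent -> default applies
HARDENED_REPLY = _reply("snappy,zstd")  # zlib removed from the list
DISABLED_REPLY = _reply("disabled")     # compression fully off
```

Run `audit_live("mongodb://host:27017")` against each inventoried server, or feed saved getCmdLineOpts output to `audit()`; a server that reports ACTION should be patched even if zlib is later removed, since removing the compressor only closes the attack path, not the bug.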