
MongoBleed Vulnerability Exposes Thousands of MongoDB Instances

Wednesday, December 31, 2025

What

A critical vulnerability in MongoDB, CVE-2025-14847 (nicknamed MongoBleed), has been disclosed. It allows an unauthenticated attacker to read sensitive data, including credentials, from an affected server over the network. The flaw is especially dangerous because public Proof-of-Concept code already exists, which makes widespread exploitation highly probable and puts the data held by exposed instances at substantial risk.

Where

Nearly 90,000 MongoDB instances worldwide are affected. China, the USA and Germany (11,547 instances) have the highest counts, and Hetzner Online GmbH is the provider with the most affected instances.

When

Disclosed around Christmas 2025; public PoC code appeared shortly afterwards.

Key Factors

  • The vulnerability, CVE-2025-14847, carries a CVSS score of 8.7 and allows unauthenticated access to sensitive data over the network, much like the earlier 'CitrixBleed' incident.
  • Around 90,000 MongoDB instances worldwide are vulnerable; Germany ranks third by count, and the German provider Hetzner Online GmbH hosts the most affected servers.
  • Only instances with zlib compression enabled are affected, but zlib is often part of the default configuration, so a large share of deployments is exposed.

Takeaways

  • Admins must update vulnerable MongoDB instances immediately to 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, 4.4.30 or newer on the respective release branch. Older branches are End-of-Life and receive no fix, so instances running them must be upgraded to a supported branch.
  • As a temporary mitigation, disable zlib compression, or restrict network access to MongoDB's default port (27017) with a firewall or VPN so that the service is not reachable from untrusted networks.
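A small triage helper for the two conditions named in the takeaways, added here as an example; it is not code from the Heise article or from MongoDB. It checks a mongod version string against the fixed releases listed above and checks whether a mongod.conf still allows zlib. The configuration key net.compression.compressors, the rule that an absent key means the server default (which the article says often includes zlib), and the mongod --version output format in the usage comment are assumptions rather than facts taken from the article.

```shell
#!/bin/sh
# Added example (not from the Heise article or from MongoDB): triage helper
# for the two takeaway conditions, an unpatched mongod version and zlib
# compression still allowed in mongod.conf.
# Assumptions, not stated in the article: the config key is
# net.compression.compressors, and an absent key means the server default,
# which the article says often includes zlib.

# Fixed releases per supported branch, as listed in the takeaways.
FIXED_VERSIONS="8.2.3 8.0.17 7.0.28 6.0.27 5.0.32 4.4.30"

# mongodb_is_fixed VERSION
# Exit 0 when VERSION is on a supported branch and at or above that branch's
# fixed release, 1 otherwise. Branches missing from FIXED_VERSIONS (4.2 and
# older) are End-of-Life with no fix, so they never count as fixed; anything
# that is not a plain major.minor.patch string is treated as not fixed.
# Usage (assumed output format): mongodb_is_fixed "$(mongod --version | sed -n 's/^db version v//p')"
mongodb_is_fixed() {
    v=$1
    case "$v" in
        *.*.*) ;;
        *) return 1 ;;
    esac
    v_major=${v%%.*}
    v_rest=${v#*.}
    v_minor=${v_rest%%.*}
    v_patch=${v_rest#*.}
    case "$v_major$v_minor$v_patch" in
        *[!0-9]*) return 1 ;;      # pre-release suffix or extra component
    esac
    for f in $FIXED_VERSIONS; do
        f_major=${f%%.*}
        f_rest=${f#*.}
        f_minor=${f_rest%%.*}
        f_patch=${f_rest#*.}
        if [ "$v_major" = "$f_major" ] && [ "$v_minor" = "$f_minor" ]; then
            if [ "$v_patch" -ge "$f_patch" ]; then
                return 0
            else
                return 1
            fi
        fi
    done
    return 1
}

# zlib_allowed CONFIG_TEXT
# Exit 0 when the mongod.conf text still allows zlib: the compressors key
# lists zlib, or the key is absent (server default, assumed to include zlib).
# Exit 1 when zlib was removed from the list or compression is disabled.
zlib_allowed() {
    line=$(printf '%s\n' "$1" | grep -E '^[[:space:]]*compressors:' | head -n 1)
    if [ -z "$line" ]; then
        return 0
    fi
    case "$line" in
        *zlib*) return 0 ;;
        *) return 1 ;;
    esac
}

# mongobleed_exposed VERSION CONFIG_TEXT
# Exit 0 (exposed) when the version is unpatched AND zlib is still allowed.
# A firewall or VPN in front of port 27017 is not visible to this check.
mongobleed_exposed() {
    if mongodb_is_fixed "$1"; then
        return 1
    fi
    zlib_allowed "$2"
}

# Constructed sample mongod.conf fragments for the demo (not real hosts).
VULN_CONF='net:
  port: 27017
  bindIp: 0.0.0.0
  compression:
    compressors: snappy,zstd,zlib'

MITIGATED_CONF='net:
  port: 27017
  bindIp: 127.0.0.1
  compression:
    compressors: snappy,zstd'

report() {
    if mongobleed_exposed "$1" "$2"; then
        printf '%-8s exposed: update, or drop zlib from net.compression.compressors\n' "$1"
    else
        printf '%-8s not exposed by version/config\n' "$1"
    fi
}

report 7.0.27 "$VULN_CONF"        # unpatched, zlib on
report 7.0.28 "$VULN_CONF"        # patched
report 7.0.27 "$MITIGATED_CONF"   # unpatched, but zlib removed
report 4.2.25 "$VULN_CONF"        # EOL branch, no fix available
```

Exit status 0 from mongobleed_exposed means "act on this host". The check is local and static: it cannot see a firewall or VPN rule shielding port 27017, so a flagged host may already be shielded, but it should still be patched; conversely, a host it does not flag is only safe from the two conditions it tests.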