A New Security Advisory
Tuesday, December 30, 2025
What
MongoDB Server is vulnerable to MongoBleed (CVE-2025-14847), a critical flaw in its handling of zlib-compressed wire-protocol messages. The decompression routine reports the size of the buffer it allocated rather than the number of bytes it actually inflated, so a remote, unauthenticated attacker can make the server treat uninitialised heap memory as part of a message and read confidential data out of it.
Where
Affects MongoDB Server deployments globally: versions 8.2.0-8.2.2, 8.0.0-8.0.16, 7.0.0-7.0.26, 6.0.0-6.0.26, 5.0.0-5.0.31, 4.4.0-4.4.29, and every release of the end-of-life 4.2, 4.0 and 3.6 lines.
When
INCIBE published this advisory on December 30, 2025.
Key Factors
- MongoBleed (CVE-2025-14847) is a bug in MongoDB's zlib message compressor, `message_compressor_zlib.cpp`: after inflating a compressed message, the decompress routine returns the size of the output buffer it allocated (sized from the sender-controlled uncompressedSize field of the message header) instead of the number of bytes zlib actually wrote.
- Message compression is negotiated in the initial handshake, before authentication, so an unauthenticated remote attacker can send a message that claims a large uncompressed size but inflates to only a few bytes. The untouched remainder of the buffer still holds stale data from earlier allocations; the server parses it as message content and can reflect it in its response, exposing sensitive data such as user credentials and API keys.
- Severity is high because zlib is among the compressors MongoDB enables by default, the affected range spans nearly every supported and unsupported release line, and a public proof of concept (PoC) exists, so unpatched internet-facing servers should be expected to be probed.
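The length bug described above, modelled in Python with the standard-library zlib module. This is an added example, not code from MongoDB or from the INCIBE advisory. It assumes the OP_COMPRESSED body layout of the MongoDB wire protocol (int32 originalOpcode, int32 uncompressedSize, uint8 compressorId, then the compressed bytes); `StaleHeap` is a constructed stand-in for an allocator that hands back a freed block without clearing it, and the SECRET it contains is made up for the demo. `decompress_vulnerable` mirrors the pre-fix behaviour (return the allocated size); `decompress_fixed` returns only the bytes zlib produced and adds a header-consistency check that is this example's own, not necessarily MongoDB's exact patch.

```python
import struct
import zlib

ZLIB_COMPRESSOR_ID = 2          # compressorId value for zlib in OP_COMPRESSED
OP_MSG = 2013                   # opcode of the message wrapped in this demo
HEADER = struct.Struct("<iiB")  # originalOpcode, uncompressedSize, compressorId

# Constructed leftover heap contents from an earlier request (demo data).
SECRET = b"user=app_user pwd=S3cr3t-Passw0rd"


def build_op_compressed_body(plaintext: bytes, claimed_size: int,
                             original_opcode: int = OP_MSG) -> bytes:
    """Body of an OP_COMPRESSED message (the 16-byte MsgHeader is omitted).
    An honest client passes claimed_size == len(plaintext); the attack lies."""
    header = HEADER.pack(original_opcode, claimed_size, ZLIB_COMPRESSOR_ID)
    return header + zlib.compress(plaintext)


class StaleHeap:
    """Stand-in allocator (assumption): a freed block is reused uncleared."""

    def __init__(self, previous_contents: bytes):
        self.previous_contents = previous_contents

    def alloc(self, size: int) -> bytearray:
        block = bytearray(size)  # zero-filled beyond the stale region
        n = min(size, len(self.previous_contents))
        block[:n] = self.previous_contents[:n]
        return block


def _inflate_into(body: bytes, heap: StaleHeap):
    """Shared front half: parse the header, allocate the claimed size, inflate.
    Returns the buffer and the number of bytes zlib actually produced."""
    _opcode, claimed, compressor_id = HEADER.unpack_from(body, 0)
    if compressor_id != ZLIB_COMPRESSOR_ID:
        raise ValueError("not a zlib-compressed message")
    if claimed < 0:
        raise ValueError("negative uncompressedSize")
    out = heap.alloc(claimed)
    inflated = zlib.decompress(body[HEADER.size:])
    if len(inflated) > claimed:
        # zlib's uncompress() reports Z_BUF_ERROR here: destination too small
        raise ValueError("decompressed data exceeds uncompressedSize")
    out[:len(inflated)] = inflated
    return out, len(inflated)


def decompress_vulnerable(body: bytes, heap: StaleHeap) -> bytes:
    """Pre-fix behaviour: report the allocated size, not the bytes written.
    Everything past the inflated data is whatever the allocator left there."""
    out, _produced = _inflate_into(body, heap)
    return bytes(out)               # len(result) == claimed uncompressedSize


def decompress_fixed(body: bytes, heap: StaleHeap) -> bytes:
    """Return only the bytes zlib produced (the core fix) and, as an extra
    check of this example's own, reject a header whose uncompressedSize does
    not match what was actually inflated."""
    out, produced = _inflate_into(body, heap)
    if produced != len(out):
        raise ValueError("uncompressedSize does not match decompressed length")
    return bytes(out[:produced])


def leaked_bytes(claimed_size: int = 64) -> bytes:
    """Attacker's view: send an 8-byte ping that claims 64 bytes and look at
    what the vulnerable path hands back after the real payload."""
    body = build_op_compressed_body(b"{ping:1}", claimed_size)
    result = decompress_vulnerable(body, StaleHeap(SECRET))
    return result[len(b"{ping:1}"):]


if __name__ == "__main__":
    print("leaked past the payload:", leaked_bytes())
    honest = build_op_compressed_body(b"{ping:1}", 8)
    print("fixed path, honest header:", decompress_fixed(honest, StaleHeap(SECRET)))
```

The lying header is the whole attack: the compressed payload is valid, only uncompressedSize is inflated, and the vulnerable path happily returns the stale tail. Note that the fix must act on the length zlib reports, not on the header value; zero-filling the buffer would hide the leak in this model but costs a memset per message, which is why the real fix corrects the returned length.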
Takeaways
- Update MongoDB Server immediately to a fixed release (8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32 or 4.4.30; the 4.2, 4.0 and 3.6 lines are end-of-life and receive no fix, so they must be upgraded). Where patching cannot happen at once, remove zlib from the compressor list by setting `net.compression.compressors` in mongod.conf (or the `--networkMessageCompressors` command-line option) to `snappy,zstd` or to `disabled`, then restart and confirm the running instance no longer advertises zlib.
- Reduce exposure: do not expose mongod or mongos ports (27017 by default) to the internet, and restrict them with host and network firewalls to the application hosts that need them. Authentication on its own does not block this flaw, because the compressed message is accepted before login.