A critical vulnerability in MongoDB, CVE-2025-14847, is actively being exploited, affecting over 87,000 instances worldwide. The flaw arises from a zlib compression issue that can leak sensitive data without requiring user authentication. #MongoBleed #CVE202514847
Keypoints
- The vulnerability allows attackers to remotely access sensitive data from MongoDB servers.
- It exploits a flaw in the zlib compression implementation used in MongoDB.
- Over 87,000 instances are potentially vulnerable, mainly in the U.S., China, Germany, India, and France.
- Mitigation strategies include updating MongoDB versions and disabling zlib compression.
- Exposed MongoDB servers should have restricted network access and monitored logs for suspicious activity.
Read More: https://thehackernews.com/2025/12/mongodb-vulnerability-cve-2025-14847.html