Thousands of servers exposed as MongoBleed vulnerability exploited
techradar.com
- MongoBleed (CVE-2025-14847) leaks sensitive data via uninitialized heap memory exploitation
- Roughly 87,000 exposed MongoDB instances vulnerable; most located in U.S., China, and Germany
- Patch released December 19; MongoDB Atlas auto-patched, no confirmed in-the-wild abuse yet
MongoBleed, a high-severity vulnerability plaguing multiple versions of MongoDB, can now be exploited with little effort, since a proof-of-concept (PoC) exploit has been published on the web.
Earlier this week, security researcher Joe Desimone published code that exploits a “read of uninitialized heap memory” vulnerability tracked as CVE-2025-14847. This vulnerability, rated 8.7/10 (high), stems from “mismatched length fields in Zlib compressed protocol headers”.
By sending a poisoned message that claims a larger decompressed size than its payload actually holds, the attacker can cause the server to allocate a bigger memory buffer than it fills; the unfilled portion then leaks in-memory data that can contain sensitive information, such as credentials, cloud keys, session tokens, API keys, configurations, and other data.
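As an added defensive example (not code from the article, nor from MongoDB), the check below rejects a zlib OP_COMPRESSED frame whose declared uncompressed size does not match what the payload actually inflates to, which is the header mismatch the article describes. The field layout (opCode 2012, then originalOpcode, uncompressedSize and a one-byte compressorId where 2 means zlib) follows the MongoDB wire protocol as I know it; MAX_UNCOMPRESSED and the function names are assumptions made for this example.

```python
import struct
import zlib

OP_COMPRESSED = 2012           # opCode of a compressed wire-protocol frame
COMPRESSOR_ZLIB = 2            # compressorId value for zlib
MAX_UNCOMPRESSED = 48 * 1024 * 1024  # assumed upper bound on a sane claim


def build_op_compressed(original_opcode, payload, declared_size=None, request_id=1):
    """Build an OP_COMPRESSED frame around a zlib-compressed payload.
    declared_size lets a test construct a frame whose uncompressedSize
    field disagrees with the real inflated length."""
    body = zlib.compress(payload)
    size = len(payload) if declared_size is None else declared_size
    inner = struct.pack("<iiB", original_opcode, size, COMPRESSOR_ZLIB) + body
    header = struct.pack("<iiii", 16 + len(inner), request_id, 0, OP_COMPRESSED)
    return header + inner


def check_compressed_frame(frame):
    """Return (ok, reason). A frame is accepted only when the declared
    uncompressedSize equals the exact number of bytes the payload inflates to,
    so a server never ends up with a buffer it only partially fills."""
    if len(frame) < 25:
        return False, "truncated header"
    msg_len, _req, _resp, opcode = struct.unpack_from("<iiii", frame, 0)
    if opcode != OP_COMPRESSED or msg_len != len(frame):
        return False, "not a well-formed OP_COMPRESSED frame"
    _orig_op, declared, comp_id = struct.unpack_from("<iiB", frame, 16)
    if comp_id != COMPRESSOR_ZLIB:
        return False, f"unsupported compressorId {comp_id}"
    if declared < 0 or declared > MAX_UNCOMPRESSED:
        return False, "declared uncompressedSize out of range"
    d = zlib.decompressobj()
    try:
        # Inflate at most declared+1 bytes: one byte over is enough to prove
        # the payload is bigger than claimed without inflating it all.
        actual = d.decompress(frame[25:], declared + 1)
    except zlib.error as e:
        return False, f"zlib error: {e}"
    if len(actual) > declared:
        return False, "payload inflates past declared uncompressedSize"
    if not d.eof:
        return False, "truncated zlib stream"
    if d.unused_data:
        return False, "trailing bytes after zlib stream"
    if len(actual) != declared:
        return False, f"declared {declared} bytes but payload inflates to {len(actual)}"
    return True, "ok"
```

The mismatch case (a claim larger than the real inflated size) is the one to log and alert on, since a well-behaved driver never produces it.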
Copyright of this story solely belongs to techradar.com.

