75,000 MongoDBs Exposed as Attackers Exploit 'MongoBleed'


Patches Issued for MongoBleed as Ransomware Groups Target Flaw to Steal Data

Mathew J. Schwartz (euroinfosec) • December 30, 2025

Tens of thousands of internet-exposed MongoDB databases are at risk as attackers actively target a critical vulnerability in the software to steal sensitive data.

Tracked as CVE-2025-14847, the vulnerability has been dubbed "MongoBleed" for its ability to bleed vulnerable databases of their secrets. The flaw exists in every version of the document-oriented database software released since 2017.

The vulnerability exists in MongoDB's implementation of the zlib compression and decompression software. "When compression is enabled - which it often is for performance - an attacker can craft connections that cause the server to leak chunks of its memory in responses," said security researcher Eric Capuano.

"Attackers can exploit this to extract sensitive information from MongoDB servers, including user ...


Copyright of this story solely belongs to bankinfosecurity. To see the full text click HERE