
An early end to the holidays: 'Heartbleed of MongoDB' is now under active exploit


A high-severity MongoDB Server vulnerability, for which proofs of concept emerged over Christmas week, is now under active exploitation, according to the US Cybersecurity and Infrastructure Security Agency.

It wouldn't be the holiday break without a potentially devastating security vulnerability popping up to crash the PTO party, and this one definitely fits the bill, with one expert calling it "basically Heartbleed for MongoDB." 

Yeah, it's that serious. 

Identified as CVE-2025-14847, this CVSS 8.7 vulnerability in the widely used MongoDB Server stems from mismatched length fields in zlib-compressed wire-protocol headers: the server acts on a declared length that need not match what the zlib stream actually decompresses to. An unauthenticated remote attacker who sends a malformed compressed message can read uninitialized heap memory from the server process, so any mongod reachable from an untrusted network is exposed without any credentials. As OX Security pointed out on Christmas Eve, that means an attacker could expose user info, passwords, API keys, and more. 
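To make the bug class concrete, here is an added example that models a "declared length vs. real inflated length" mismatch in a MongoDB-style compressed envelope. It is illustrative code written for this page, not MongoDB's code, and the page does not show which server code path is actually at fault. The frame layout follows the documented OP_COMPRESSED envelope (originalOpcode, uncompressedSize, compressorId, then the compressed payload); the sample request body, the "stale heap" byte pattern standing in for uninitialized memory, and the 48 MB size cap are constructed assumptions. The vulnerable decoder sizes its output from the header field and returns the whole buffer, so bytes the inflater never wrote are handed back to the client; the hardened decoder inflates under a cap and requires the inflated length to equal the header field exactly.

```python
"""Model of the 'declared length vs. real zlib output' bug class in a
MongoDB-style OP_COMPRESSED envelope. Constructed example, not MongoDB code."""
import struct
import zlib

OP_COMPRESSED = 2012                 # wire-protocol opcode of a compressed envelope
OP_MSG = 2013                        # opcode of the wrapped (original) message
COMPRESSOR_ZLIB = 2                  # compressorId value for zlib
MAX_MESSAGE_SIZE = 48 * 1024 * 1024  # assumed cap for this example
HEADER_FMT = "<iiii"                 # messageLength, requestID, responseTo, opCode
COMPRESSED_FMT = "<iiB"              # originalOpcode, uncompressedSize, compressorId

# Constructed stand-ins: a fake request body (not real BSON) and a byte pattern
# playing the part of whatever an earlier request left behind in a reused heap block.
SAMPLE_BODY = b'{"find":"users"}'
STALE_HEAP = b"secret=hunter2;apikey=AKIA_EXAMPLE;"


def build_op_compressed(body: bytes, declared_size: int, request_id: int = 1) -> bytes:
    """Wrap `body` in an OP_COMPRESSED frame. The uncompressedSize field is set
    from `declared_size`, independently of len(body): that is the mismatch."""
    payload = zlib.compress(body)
    inner = struct.pack(COMPRESSED_FMT, OP_MSG, declared_size, COMPRESSOR_ZLIB) + payload
    length = struct.calcsize(HEADER_FMT) + len(inner)
    return struct.pack(HEADER_FMT, length, request_id, 0, OP_COMPRESSED) + inner


def parse_envelope(frame: bytes):
    """Split a frame into (originalOpcode, uncompressedSize, compressorId, payload)."""
    hlen, clen = struct.calcsize(HEADER_FMT), struct.calcsize(COMPRESSED_FMT)
    message_length, _req, _resp, op_code = struct.unpack(HEADER_FMT, frame[:hlen])
    if op_code != OP_COMPRESSED or message_length != len(frame):
        raise ValueError("not a well-formed OP_COMPRESSED frame")
    original_opcode, declared, compressor = struct.unpack(COMPRESSED_FMT, frame[hlen:hlen + clen])
    if compressor != COMPRESSOR_ZLIB:
        raise ValueError("example handles zlib only")
    return original_opcode, declared, compressor, frame[hlen + clen:]


def decode_vulnerable(frame: bytes) -> bytes:
    """Flawed pattern: size the output buffer from the header, inflate into the
    front of it, and return the whole buffer. Bytes the inflater never wrote
    keep their previous contents (STALE_HEAP stands in for uninitialised heap)."""
    _, declared, _, payload = parse_envelope(frame)
    buf = bytearray((STALE_HEAP * (declared // len(STALE_HEAP) + 1))[:declared])
    inflated = zlib.decompress(payload)
    n = min(len(inflated), declared)      # a bounded inflate stops at the buffer end
    buf[:n] = inflated[:n]
    return bytes(buf)                     # always `declared` bytes long, whatever was inflated


def decode_hardened(frame: bytes) -> bytes:
    """Hardened form: bound the declared size, inflate with an output cap, and
    require the real inflated length to equal the header field exactly."""
    _, declared, _, payload = parse_envelope(frame)
    if not 0 < declared <= MAX_MESSAGE_SIZE:
        raise ValueError(f"uncompressedSize {declared} out of range")
    d = zlib.decompressobj()
    inflated = d.decompress(payload, declared + 1)   # one extra byte exposes oversize streams
    if len(inflated) != declared or d.unused_data:
        raise ValueError(f"uncompressedSize {declared} != inflated {len(inflated)}")
    return inflated


def hardened_rejects(frame: bytes) -> bool:
    """True if the hardened decoder refuses the frame."""
    try:
        decode_hardened(frame)
    except ValueError:
        return True
    return False


def inspect_frame(frame: bytes) -> dict:
    """Passive check for a sensor over captured traffic: declared vs. actual size."""
    _, declared, _, payload = parse_envelope(frame)
    actual = len(zlib.decompressobj().decompress(payload, MAX_MESSAGE_SIZE + 1))
    return {"declared": declared, "actual": actual, "mismatch": actual != declared}


if __name__ == "__main__":
    honest = build_op_compressed(SAMPLE_BODY, len(SAMPLE_BODY))
    oversized = build_op_compressed(SAMPLE_BODY, 64)   # claims 64 bytes, inflates to 16
    print(decode_vulnerable(honest))
    print(decode_vulnerable(oversized))                # body followed by STALE_HEAP bytes
    print(inspect_frame(oversized), hardened_rejects(oversized))
```

The oversized frame is the interesting one: the vulnerable decoder returns 64 bytes of which only 16 came from the client, and the remaining 48 are whatever the buffer held before, which is the leak. The same `declared != actual` comparison that the hardened decoder enforces also works as a passive detection rule over captured traffic, as `inspect_frame` shows, and an undersized declaration (header smaller than the stream) is caught by the one-byte headroom on the inflate cap.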

"Although the attacker might need to send a large amount of requests to gather the full database, and some data might ...


Copyright of this story solely belongs to theregister.co.uk.