Name of the Vulnerable Software and Affected Versions
MongoDB Server versions 3.6 through 8.2.2 (all release branches; each affected range below ends one release before the fixed version given in the Recommendations)
MongoDB versions 8.2.0 through 8.2.2
MongoDB versions 8.0.0 through 8.0.16
MongoDB versions 7.0.0 through 7.0.27
MongoDB versions 6.0.0 through 6.0.26
MongoDB versions 5.0.0 through 5.0.31
MongoDB versions 4.4.0 through 4.4.29
Description
MongoDB Server is affected by a critical vulnerability (CVE-2025-14847), dubbed "MongoBleed", caused by improper handling of a length parameter inconsistency in zlib-compressed wire protocol messages. The server trusted the uncompressed-length field carried in the compressed message header: when that field claimed more bytes than the zlib payload actually decompressed to, the unwritten remainder of the output buffer, which is uninitialized heap memory, was treated as part of the message. Because compressed messages are processed before authentication, an unauthenticated attacker who can reach the listening port can repeatedly trigger this and read fragments of process memory, potentially exposing credentials, API keys, session tokens and data belonging to other clients. The vulnerability is reported to be actively exploited in the wild, with over 87,000 instances potentially exposed on the internet. A public proof-of-concept (PoC) exploit is available, which lowers the bar for exploitation. The issue affects all MongoDB Server versions from 3.6 through 8.2.2 and is particularly dangerous for internet-exposed instances. In mechanism and impact it resembles the Heartbleed bug (CVE-2014-0160), which also leaked heap memory by trusting an attacker-supplied length field.
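To make the bug class concrete, the following is an added, self-contained Python model of a decompression handler that sizes and returns its output buffer from the declared length, beside a hardened handler that requires the declared and actual lengths to agree. It is illustration only: it is not MongoDB's code and not the PoC referred to above. The four-byte header format, the STALE_HEAP buffer standing in for uninitialized heap memory, and the MAX_DECLARED cap are constructed for this example.

```python
import struct
import zlib

# Constructed stand-in for stale heap contents. In a real process this is whatever
# earlier requests left behind in freed memory (credentials, tokens, other clients'
# documents); here it is a fixed string so the leak is easy to recognise.
STALE_HEAP = b"user=admin;password=hunter2;session=f00dcafe;" * 4

HEADER = struct.Struct("<I")  # toy header: declared uncompressed length, little-endian
MAX_DECLARED = 1 << 20        # hypothetical per-message cap used by the hardened path


def build_message(payload, declared_len=None):
    """Build a toy compressed message: declared uncompressed length + zlib body.

    A well-behaved client sets declared_len == len(payload); an attacker lies and
    declares a length far larger than what the payload inflates to.
    """
    if declared_len is None:
        declared_len = len(payload)
    return HEADER.pack(declared_len) + zlib.compress(payload)


def decompress_vulnerable(msg):
    """The bug class: output buffer sized from, and returned by, the declared length.

    Bytes the decompressor never wrote are handed back untouched. Here that is the
    simulated stale heap; in a native server it is uninitialised malloc() memory.
    """
    declared_len = HEADER.unpack_from(msg, 0)[0]
    # Simulate malloc(declared_len) without zeroing: the buffer starts out holding
    # whatever was there before.
    buf = bytearray((STALE_HEAP * (declared_len // len(STALE_HEAP) + 1))[:declared_len])
    out = zlib.decompress(msg[HEADER.size:])
    n = min(len(out), declared_len)
    buf[:n] = out[:n]
    return bytes(buf)  # always declared_len bytes, however many were really produced


class LengthMismatch(ValueError):
    """Raised when the declared uncompressed length does not match the stream."""


def decompress_hardened(msg):
    """Fixed handling: bound the allocation, then require actual == declared."""
    declared_len = HEADER.unpack_from(msg, 0)[0]
    if declared_len > MAX_DECLARED:
        raise LengthMismatch(f"declared length {declared_len} exceeds cap {MAX_DECLARED}")
    d = zlib.decompressobj()
    # Ask for one byte more than declared so an oversize stream is detected without
    # inflating all of it; a short or truncated stream shows up as a length mismatch
    # or a missing end-of-stream marker.
    out = d.decompress(msg[HEADER.size:], declared_len + 1)
    if len(out) != declared_len or not d.eof:
        raise LengthMismatch(f"declared {declared_len} bytes, stream produced {len(out)}")
    return out


if __name__ == "__main__":
    evil = build_message(b"hi", declared_len=64)
    print("vulnerable handler returned:", decompress_vulnerable(evil))
    try:
        decompress_hardened(evil)
    except LengthMismatch as exc:
        print("hardened handler rejected it:", exc)
```

The vulnerable path returns 64 bytes for a two-byte payload, the last 62 of which are the simulated heap contents; the hardened path rejects the same message. The essential fix is the one in `decompress_hardened`: the declared length may only be used as an upper bound for allocation, never as the length of what is returned.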
Recommendations
MongoDB versions 8.2.0 through 8.2.2: Upgrade to version 8.2.3 or later.
MongoDB versions 8.0.0 through 8.0.16: Upgrade to version 8.0.17 or later.
MongoDB versions 7.0.0 through 7.0.27: Upgrade to version 7.0.28 or later.
MongoDB versions 6.0.0 through 6.0.26: Upgrade to version 6.0.27 or later.
MongoDB versions 5.0.0 through 5.0.31: Upgrade to version 5.0.32 or later.
MongoDB versions 4.4.0 through 4.4.29: Upgrade to version 4.4.30 or later.
MongoDB versions 3.6, 4.0 and 4.2: No fixed release is listed for these branches; migrate to a supported branch at or above the fixed versions listed here.
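For triaging a fleet, here is an added Python helper (not from the advisory or from MongoDB) that classifies a version string such as the output of `mongod --version` or `db.version()` against the fixed versions listed above. The branch table encodes the recommendations on this page; the status labels, the handling of pre-release suffixes, and the treatment of branches the page does not list are assumptions made for this example.

```python
import re

# Fixed version per release branch, taken from the Recommendations above.
FIXED = {
    (8, 2): (8, 2, 3),
    (8, 0): (8, 0, 17),
    (7, 0): (7, 0, 28),
    (6, 0): (6, 0, 27),
    (5, 0): (5, 0, 32),
    (4, 4): (4, 4, 30),
}
OLDEST_AFFECTED = (3, 6, 0)        # affected range starts at 3.6
NEWEST_AFFECTED_BRANCH = (8, 2)    # affected range ends in the 8.2 branch

# Matches "7.0.25", "v7.0.25" and "8.2.3-rc0" inside a longer string such as
# "db version v7.0.25".
_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?")


def parse_version(text):
    """Return (major, minor, patch, prerelease_or_None) from a version string."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no MongoDB version found in {text!r}")
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    return (major, minor, patch, m.group(4))


def assess(text):
    """Classify a server version against the fixed versions on this page.

    Returns one of:
      'patched'          - at or above the fixed release of its branch
      'affected'         - in a listed branch, below its fixed release
      'affected-no-fix'  - within the affected range but the page lists no fix
                           for the branch (3.6, 4.0, 4.2; migrate instead)
      'not-affected'     - older than 3.6
      'unlisted'         - newer than the 8.2 branch; not covered by this page
    """
    major, minor, patch, pre = parse_version(text)
    ver = (major, minor, patch)
    branch = (major, minor)
    if ver < OLDEST_AFFECTED:
        return "not-affected"
    if branch in FIXED:
        fixed = FIXED[branch]
        # A pre-release of the fixed version (e.g. 8.2.3-rc0) predates the fix.
        if ver > fixed or (ver == fixed and pre is None):
            return "patched"
        return "affected"
    if branch > NEWEST_AFFECTED_BRANCH:
        return "unlisted"
    return "affected-no-fix"


if __name__ == "__main__":
    # Constructed sample inventory: host name -> reported version string.
    inventory = {
        "db-prod-1": "db version v7.0.25",
        "db-prod-2": "db version v7.0.28",
        "db-legacy": "db version v4.2.25",
        "db-canary": "db version v8.2.3-rc0",
    }
    for host, reported in inventory.items():
        print(f"{host:10} {reported:28} -> {assess(reported)}")
```

Feed it the version strings collected by your inventory tooling; anything reported as `affected` or `affected-no-fix` should be scheduled for upgrade, and anything `unlisted` checked against the vendor advisory rather than assumed safe.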
If an immediate upgrade is not possible, disable zlib compression on the MongoDB server as a stopgap, for example by removing zlib from net.compression.compressors (or the equivalent --networkMessageCompressors option) and restarting mongod and mongos. Treat this as defense in depth rather than a fix: confirm against the vendor advisory that it prevents exploitation on your version, and still upgrade as soon as possible.
Restrict network access to MongoDB instances: bind them to internal interfaces only (net.bindIp), firewall the listening port (27017 by default) to known clients, and never expose them directly to the internet.
Monitor server logs for unusual activity and potential exploitation attempts, such as connections from unexpected sources, bursts of short-lived connections that never authenticate, and abnormal connection churn. If an instance was reachable from the internet while unpatched, assume that secrets held in process memory (credentials, tokens, keys) may have been read, and rotate them.