@bluephantom

in /news 29 days ago

87,000+ MongoDB Instances Vulnerable to MongoBleed Flaw Exposed Online - PoC Exploit Released

cybersecuritynews.com
TLDR

A high-severity vulnerability, dubbed MongoBleed (CVE-2025-14847), has been identified in MongoDB Server, allowing unauthenticated remote attackers to siphon sensitive data from database memory. The flaw, with a CVSS score of 7.5, resides in the zlib message decompression implementation. It can lead to the exposure of sensitive artifacts such as cleartext credentials, session tokens, authentication keys, or customer PII. The vulnerability affects a wide range of MongoDB versions and requires no authentication to exploit. Over 87,000 potentially vulnerable MongoDB instances have been identified as exposed to the public internet. MongoDB has released patches, and administrators are urged to upgrade to the latest versions. Temporary mitigation strategies include disabling zlib compression and restricting network access to trusted IP addresses.
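The two temporary mitigations named in the summary (drop zlib from the compressors the server will negotiate, and narrow where it listens) map onto a couple of lines in mongod.conf. The fragment below is an added illustration, not configuration from the article or from MongoDB's advisory; it assumes the YAML config-file layout (`net.bindIp`, `net.compression.compressors`) and the addresses are constructed placeholders.

```yaml
# mongod.conf (added example; addresses are constructed, not from the article)

# BEFORE: listens on every interface and leaves zlib in the negotiable compressor list,
# so an unauthenticated client reaching the port can request zlib-compressed messages.
net:
  bindIp: 0.0.0.0
  compression:
    compressors: snappy,zstd,zlib

# AFTER (interim hardening until the patched release is deployed):
#   - zlib removed, so clients cannot negotiate zlib decompression on the server
#   - bindIp limited to loopback and one constructed internal address
net:
  bindIp: 127.0.0.1,10.0.0.5
  compression:
    compressors: snappy,zstd
```

`bindIp` only limits the interfaces mongod listens on; allow-listing trusted client addresses, as the summary recommends, is a firewall or security-group rule outside this file. After restarting, `db.adminCommand({getCmdLineOpts: 1})` in the shell shows the parsed `net.compression.compressors` value, which is a quick way to confirm zlib is no longer offered. Both changes are stop-gaps; the summary's primary advice, upgrading to the patched versions, still applies.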

Score: 3

0 Comments