Over 74,000 MongoDB database servers remain vulnerable to a critical security flaw after proof-of-concept exploit code for the MongoBleed vulnerability became publicly available.
The Shadowserver Foundation reports that 74,854 exposed MongoDB instances are running unpatched versions susceptible to CVE-2025-14847, representing 95% of all 78,725 MongoDB servers currently exposed online.
Critical Heap Memory Vulnerability
CVE-2025-14847, dubbed “MongoBleed,” is a critical vulnerability affecting MongoDB’s zlib compression implementation.
The flaw allows unauthenticated attackers to read uninitialized heap memory through mismatched length fields in zlib-compressed protocol headers.
This means threat actors can extract sensitive data from server memory without requiring any authentication credentials.
MongoDB has confirmed the vulnerability is being actively exploited in the wild. The flaw affects multiple MongoDB versions spanning several years, including all versions from 3.6 through recent 8.2.x releases.
Specifically impacted are MongoDB versions 8.2.0-8.2.3, 8.0.0-8.0.16, 7.0.0-7.0.26, 6.0.0-6.0.26, 5.0.0-5.0.31, 4.4.0-4.4.29, and all v4.2, v4.0, and v3.6 versions.
MongoDB has released emergency patches to address the vulnerability. Organizations must immediately upgrade to fixed versions: 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, or 4.4.30.
For systems that cannot be patched immediately, MongoDB recommends a temporary workaround: disable zlib compression by configuring the MongoDB server to omit zlib from network message compressors.
Administrators can set the option to “snappy,zstd” or “disabled” when starting mongod or mongos services.
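As an added example (not code from the article or from MongoDB), the following Python triage script applies the article's affected/fixed version table to a reported build string and checks a mongod.conf for the workaround. It assumes the compressor setting lives under `net.compression.compressors` in the YAML config and that an absent key means the server default, which still includes zlib.

```python
import re

# Fixed releases named in the article; a build at or above the fixed
# patch level on the same major.minor line is treated as patched.
FIXED_RELEASES = {
    (8, 2): (8, 2, 3),
    (8, 0): (8, 0, 17),
    (7, 0): (7, 0, 28),
    (6, 0): (6, 0, 27),
    (5, 0): (5, 0, 32),
    (4, 4): (4, 4, 30),
}
# Release lines the article lists as affected with no fixed build.
UNFIXED_LINES = {(4, 2), (4, 0), (3, 6)}

def parse_version(text):
    """Turn '8.0.16' (or '8.0.16-rc0') into the tuple (8, 0, 16)."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised MongoDB version: {text!r}")
    return tuple(int(x) for x in m.groups())

def is_vulnerable_version(text):
    """True/False per the article's table; None if the line is not listed."""
    version = parse_version(text)
    line = version[:2]
    if line in UNFIXED_LINES:
        return True
    if line in FIXED_RELEASES:
        return version < FIXED_RELEASES[line]
    return None

def zlib_enabled(conf_text):
    """Scan a mongod.conf (YAML) for net.compression.compressors.
    Assumption: when the key is absent the server default still
    includes zlib, so the workaround has not been applied."""
    m = re.search(r"^\s*compressors:\s*(\S+)", conf_text, re.MULTILINE)
    if not m:
        return True
    value = m.group(1).strip("\"'")
    return "zlib" in [c.strip() for c in value.split(",")]

def harden_compressors(value):
    """Drop zlib from a compressor list; 'disabled' if nothing remains."""
    kept = [c.strip() for c in value.split(",") if c.strip() and c.strip() != "zlib"]
    return ",".join(kept) if kept else "disabled"

# Constructed sample config (not a real deployment) with zlib still allowed.
VULN_CONF = "net:\n  port: 27017\n  compression:\n    compressors: snappy,zstd,zlib\n"
```

Feed it the version from `db.version()` and the live config file; a `True` from either check means the host still needs the upgrade or the compressor change.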
The Shadowserver Foundation has implemented version-based tagging to identify vulnerable instances and is sharing IP addresses of affected systems through their Open MongoDB Report.
Security researchers warn that many MongoDB deployments also lack proper authentication, compounding the risk. Organizations running MongoDB should verify their patch status immediately and enable authentication if not already configured.
