Overview In late 2025, a high-severity memory information disclosure vulnerability that had been lurking in MongoDB for years was finally revealed. Dubbed MongoBleed, this flaw allows unauthenticated attackers to read uninitialized heap memory, potentially exposing sensitive information. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) […]

Database platform MongoDB disclosed CVE-2025-14847, called MongoBleed. This is an unauthenticated memory disclosure vulnerability with a CVSS score of 8.7. The post Threat Brief: MongoDB Vulnerability (CVE-2025-14847) appeared first on Unit 42.