
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their systems against a high-severity MongoDB flaw that is actively being exploited in attacks.
Dubbed MongoBleed and tracked as CVE-2025-14847, the vulnerability was patched on December 19, 2025. It stems from how MongoDB Server processes network packets that use the zlib library for data compression.
Successful exploitation allows unauthenticated threat actors to remotely steal credentials and other sensitive data, including API and/or cloud keys, session tokens, internal logs, and personally identifiable information (PII), through low-complexity attacks that do not require user interaction.
Elastic security researcher Joe Desimone has also released a proof-of-concept (PoC) exploit that leaks sensitive memory contents when run against unpatched hosts.
On Monday, Internet security watchdog Shadowserver found over 74,000 Internet-exposed, potentially vulnerable MongoDB instances. Censys is also tracking over 87,000 IP addresses that have been fingerprinted as running probably unpatched MongoDB versions.
According to telemetry data from the cloud security platform Wiz, which also tagged the vulnerability as exploited in the wild over the weekend, the impact across cloud environments appears significant, as 42% of observed systems "have at least one instance of MongoDB in a version vulnerable to CVE-2025-14847."

CISA has now confirmed Wiz's report and added the MongoBleed security flaw to its list of vulnerabilities exploited in attacks, ordering Federal Civilian Executive Branch (FCEB) agencies to patch their systems within three weeks, by January 19, 2026.
FCEB agencies are non-military U.S. executive branch agencies, including the Department of Homeland Security, the Department of the Treasury, the Department of Energy, and the Department of Health and Human Services.
"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA warned. "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."
Network defenders who cannot immediately apply the security patches are advised to disable zlib compression on the server as an interim mitigation.
A MongoBleed Detector that parses MongoDB logs and identifies potential CVE-2025-14847 exploitation is also available for admins who want to identify vulnerable servers on their networks.
MongoDB is an extremely popular non-relational database management system (DBMS) used by over 62,500 organizations worldwide, including dozens of Fortune 500 companies.
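As an added illustration of that interim mitigation (not from the article or from MongoDB's own documentation), the fragment below shows a mongod.conf with zlib removed from the server's accepted wire compressors; the port value and the comments are assumptions, and the setting is read at startup, so mongod must be restarted for it to take effect.

```yaml
# mongod.conf (YAML) - interim hardening until the CVE-2025-14847 patch is applied.
# MongoDB's default list is "snappy,zstd,zlib"; the zlib decompression path is
# the one the MongoBleed flaw lives in, so it is dropped from the allowed set.
net:
  port: 27017                      # assumed value; keep your existing port
  compression:
    compressors: snappy,zstd       # zlib no longer negotiated with clients
# To refuse wire compression entirely instead, use:
#   compressors: disabled
# Command-line equivalent:  mongod --networkMessageCompressors snappy,zstd
```

Clients that only offer zlib will fall back to uncompressed traffic rather than failing, and the same setting applies to mongos; verify after restart with `db.adminCommand({getCmdLineOpts: 1})` that the parsed config no longer lists zlib.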

