1 article
CVE-2025-14847, named MongoBleed, is an unauthenticated memory disclosure vulnerability in MongoDB Server that allows attackers to read uninitialized heap memory from any internet-exposed instance. With 87,000 potentially vulnerable deployments globally and CISA KEV inclusion confirmed, active exploitation campaigns are targeting MongoDB instances to extract credentials, API keys, and sensitive data cached in server memory. The fix has been available since December 2025.