MongoDB flaw under active exploit, 87,000 servers exposed

MongoDB disclosed CVE-2025-14847, dubbed MongoBleed, a high-severity vulnerability allowing unauthenticated attackers to extract sensitive data from server memory, with active exploitation confirmed shortly after a public exploit became available on December 26, 2025.

The flaw affects a broad range of MongoDB versions from legacy 3.6 through 8.2.2 due to improper handling of zlib-based network message decompression, with approximately 87,000 instances exposed worldwide and 42% of cloud environments hosting at least one vulnerable instance, according to Censys and Wiz.

MongoDB has released patches for all affected versions and recommends immediate upgrades or disabling zlib compression as a temporary workaround, while unverified reports link the vulnerability to a breach of Ubisoft's Rainbow Six Siege servers that forced the game offline.
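To confirm the zlib workaround is actually in effect on a host, the following added example (not MongoDB's own tooling) reads `mongod.conf` text and reports whether zlib can still be negotiated. It assumes the YAML `net.compression.compressors` setting and the documented default of `snappy,zstd,zlib` on 4.2 and later when the key is absent; the sample configs are constructed.

```python
# Added example: audit mongod.conf text for the zlib network compressor.
# Assumption: on MongoDB 4.2+ an unset net.compression.compressors means
# "snappy,zstd,zlib". Older releases default differently, so pass their
# default explicitly via the `default` argument.
DEFAULT_COMPRESSORS = "snappy,zstd,zlib"

def configured_compressors(conf_text):
    """Return the net.compression.compressors value, or None if unset."""
    stack = []  # (indent, key) pairs describing the current YAML nesting
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip() or ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:   # leave deeper/sibling keys
            stack.pop()
        stack.append((indent, key.strip()))
        if ".".join(k for _, k in stack) == "net.compression.compressors":
            return value.strip().strip("'\"")
    return None

def zlib_negotiable(conf_text, default=DEFAULT_COMPRESSORS):
    """True if the server would still offer zlib to clients."""
    value = configured_compressors(conf_text)
    if value is None:
        value = default   # key absent: the server falls back to its default
    names = [n.strip().lower() for n in value.split(",")]
    return "zlib" in names   # "disabled" turns compression off entirely

# Constructed sample configs (not taken from any real deployment).
UNSET_CONF = """\
net:
  port: 27017
  bindIp: 127.0.0.1
"""
HARDENED_CONF = """\
net:
  port: 27017
  compression:
    compressors: snappy,zstd   # zlib removed as temporary workaround
"""

if __name__ == "__main__":
    for name, conf in (("unset", UNSET_CONF), ("hardened", HARDENED_CONF)):
        print(name, "-> zlib negotiable:", zlib_negotiable(conf))
```

A config that never mentions compression is the case to watch: under the assumed default it still offers zlib, so the workaround requires an explicit compressor list. The check does not cover compressors set on the command line, and it says nothing about whether the binary itself is patched.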
