MongoBleed Vulnerability Allows Attackers to Read Data From MongoDB’s Heap Memory

MongoDB recently patched CVE-2025-14847, a vulnerability affecting multiple supported and legacy MongoDB Server versions. According to the disclosure, the flaw can be exploited remotely by unauthenticated attackers with low complexity, potentially leading to the exfiltration of sensitive data and credentials.

By Renato Losio