"MongoBleed": Exploit for critical vulnerability in MongoDB makes attacks easier

Those responsible for a MongoDB instance cannot rest easy: an exploit for a critical vulnerability makes upgrades even more urgent now.


Just days after the security team of the NoSQL database software MongoDB acknowledged a serious security vulnerability, and while a significant portion of the world is still enjoying the holidays, details and an exploit have been published, making attacks significantly easier. The exploit has been dubbed "MongoBleed" by the CTO of the software company Elastic and posted on GitHub. According to initial reports, all that is needed is the IP address of a MongoDB instance, and various contents can be retrieved from memory, transmitted in plain text. Because it is so easy to use and MongoDB is extremely widespread, the vulnerability is likely to be exploited on a large scale quickly, writes security expert Kevin Beaumont.

According to the details about the vulnerability published shortly before Christmas, attackers can exploit a flaw in the zlib compression handling to read heap memory that has not been zeroed. This memory may still contain old data, such as passwords, keys, or other sensitive information. The advisory already stated that neither credentials nor any user interaction are required; the now available exploit confirms this. It underscores the urgency with which those responsible for MongoDB instances are urged to update them.

The vulnerability affects the following MongoDB server versions:

MongoDB 8.2.0 to 8.2.3
MongoDB 8.0.0 to 8.0.16
MongoDB 7.0.0 to 7.0.26
MongoDB 6.0.0 to 6.0.26
MongoDB 5.0.0 to 5.0.31
MongoDB 4.4.0 to 4.4.29

As well as all

MongoDB Server v4.2 versions
MongoDB Server v4.0 versions
MongoDB Server v3.6 versions

These should each be upgraded to MongoDB 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, or 4.4.30.


The security vulnerability published under CVE-2025-14847 is considered critical and has a CVSS score of 8.7. Those who cannot upgrade to one of the patched versions immediately should disable zlib compression on the MongoDB server. According to the MongoDB warning, this can be done "by starting mongod or mongos with a networkMessageCompressors or net.compression.compressors option that explicitly excludes zlib."
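As an added triage helper (not from heise or MongoDB), the following Python snippet checks a mongod version string against the patched releases named above and reads a mongod.conf fragment to see whether zlib is still in the compressor list. The default compressor list and the two sample configs are assumptions constructed for this example.

```python
"""Triage for the MongoBleed advisory (CVE-2025-14847) as summarised in the article:
flag mongod versions below the patched release and configs that still allow zlib."""
import re

# Patched releases named in the article; anything in these lines below the patch is flagged.
FIXED = {"8.2": "8.2.3", "8.0": "8.0.17", "7.0": "7.0.28", "6.0": "6.0.27",
         "5.0": "5.0.32", "4.4": "4.4.30"}
# Lines the article says are affected in every version (no patched release exists).
UNPATCHED_LINES = {"4.2", "4.0", "3.6"}
# Assumed default compressor list when net.compression.compressors is unset (includes zlib).
DEFAULT_COMPRESSORS = "snappy,zstd,zlib"


def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'db version v7.0.12' or '7.0.12'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())


def triage_version(text):
    """Return (affected, advice) for a mongod version string."""
    ver = parse_version(text)
    line = f"{ver[0]}.{ver[1]}"
    if line in UNPATCHED_LINES:
        return True, f"{line}.x has no fixed release; move to a supported line"
    fixed = FIXED.get(line)
    if fixed is None:
        return False, "release line not named in the advisory; verify manually"
    if ver < parse_version(fixed):
        return True, f"upgrade to {fixed}"
    return False, "patched release"


def compressors_from_config(config_text):
    """Read net.compression.compressors from a mongod.conf YAML fragment.
    Simplistic line match; a real deployment should use a YAML parser. Missing key -> default."""
    m = re.search(r"^\s*compressors:\s*([^\n#]+)", config_text, re.MULTILINE)
    value = m.group(1).strip().strip("\"'") if m else DEFAULT_COMPRESSORS
    return [c.strip() for c in value.split(",") if c.strip()]


def zlib_enabled(config_text):
    """True when the config (or the assumed default) still negotiates zlib."""
    return "zlib" in compressors_from_config(config_text)


# Constructed sample configs: the default-equivalent weak one and the mitigated one.
WEAK_CONF = "net:\n  port: 27017\n  compression:\n    compressors: snappy,zstd,zlib\n"
SAFE_CONF = "net:\n  port: 27017\n  compression:\n    compressors: snappy,zstd\n"

if __name__ == "__main__":
    for v in ("db version v7.0.12", "8.0.17", "4.2.24"):
        print(v, "->", triage_version(v))
    print("weak config negotiates zlib:", zlib_enabled(WEAK_CONF))
    print("mitigated config negotiates zlib:", zlib_enabled(SAFE_CONF))
```

Feed it the output of `mongod --version` and the live mongod.conf; a config with no compressors key at all is reported as zlib-enabled because the default list is assumed to include zlib.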

MongoDB is used by more than 62,000 customers worldwide, with over 200,000 instances found on the internet – over 20,000 of them in Germany. The database management system stores data in BSON documents (Binary JSON) instead of in tables like traditional relational SQL databases such as MySQL or PostgreSQL.

(mho)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.