MongoDB CVE-2025-14847 (“MongoBleed”) is a high-severity flaw in the server’s default zlib compression that lets unauthenticated attackers send malformed compressed packets and read uninitialized heap memory, potentially exposing passwords, API keys, and other sensitive data from MongoDB instances. The bug is being actively exploited against tens of thousands of internet-exposed servers worldwide, prompting vendors and agencies to urge administrators to upgrade immediately to the fixed MongoDB releases or, as a temporary mitigation, to disable zlib compression and lock down network access while monitoring for suspicious pre-authentication connections.