Hunting MongoBleed (CVE-2025-14847) blog.ecapuano.com/p/hunting…
CVE-2025-14847 dropped recently and it’s a nasty one. Dubbed “MongoBleed” by the security community, it’s a memory disclosure vulnerability in MongoDB’s zlib decompression that allows attackers to extract sensitive data—credentials, session tokens, PII—directly from server memory. No authentication required. If you’re running MongoDB in production, you need to pay attention to this.
Patches are available, and you should apply them immediately if you haven’t already. But patching alone isn’t enough—you need to know if you were exploited before the patch. That’s where detection comes in.
