U.S., Australia Say ‘MongoBleed’ Bug Being Exploited therecord.media/us-austra…
U.S. and Australian cyber agencies have confirmed that hackers are exploiting a vulnerability that emerged over the Christmas holiday, impacting data storage systems from MongoDB.
The issue drew concern on Dec. 25 when a prominent researcher published exploit code for CVE-2025-14847—a vulnerability MongoDB announced on Dec. 15 and patched on Dec. 19.
The Cybersecurity and Infrastructure Security Agency added the bug to its catalogue of exploited vulnerabilities on Monday evening and ordered all federal civilian agencies to patch it by Jan. 19. A CISA spokesperson declined to comment further on what U.S. agencies are doing to protect potentially affected parties.
The Australian Cyber Security Centre said in an advisory that it “is aware of active global exploitation of this vulnerability.”