MongoBleed (CVE-2025-14847): A Critical MongoDB Memory Leak Vulnerability Hidden for 8 Years
Overview
In late 2025, a high-severity memory information disclosure vulnerability that had been lurking in MongoDB for years was finally revealed. Dubbed MongoBleed, this flaw allows unauthenticated attackers to read uninitialized heap memory, potentially exposing sensitive information. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to
MongoDB Product Security Update Advisory (CVE-2025-14847)
Overview
We have released security updates to fix vulnerabilities in MongoDB products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-14847
MongoDB versions: 8.2.0 and above but below 8.2.3
MongoDB version: 8.0.0 or later and 8.0.16 or earlier
MongoDB version: 7.0.0 or

