MongoBleed (CVE-2025-14847): A Critical MongoDB Memory Leak Vulnerability Hidden for 8 Years
Overview In late 2025, a high-severity memory information disclosure vulnerability that had been lurking in MongoDB for years was finally revealed. Dubbed MongoBleed, this flaw allows unauthenticated attackers to read uninitialized heap memory, potentially exposing sensitive information. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to
MongoDB Product Security Update Advisory (CVE-2025-14847)
Overview We have released security updates to fix vulnerabilities in MongoDB products. Users of affected products are advised to update to the latest version. Affected Products CVE-2025-14847 MongoDB versions: 8.2.0 and above but below 8.2.3MongoDB version: 8.0.0 or later and 8.0.16 or earlierMongoDB version: 7.0.0 or
MongoDB Family Security Update Advisory (CVE-2024-7553)
Overview MongoDB has released updates to fix vulnerabilities in their family of products. Users of...
MongoDB Product Security Update Advisory (CVE-2024-6376)
Overview A security update has been released addressing vulnerabilities in the MongoDB Compass product. Users...
