THREAT OPS › Threat News › Merry Christmas Day! Have a MongoDB security incident.
Merry Christmas Day! Have a MongoDB security incident.
<p>Somebody from Elastic Security decided to post an exploit for CVE-2025–14847 on Christmas Day.</p><p>Here’s said exploit:</p><p><a href="https://github.com/joe-desimone/mongobleed/">GitHub - joe-desimone/mongobleed</a></p><p>The vuln, which dropped just before Christmas, in theory allowed memory read without authentication. Patches are available. It impacts every version of MongoDB going back a
MITRE ATT&CK techniques
- CredentialsT1589.001
Indicators of compromise
- CVE-2025-14847cve
- https://www.ox.security/blog/attackers-could-exploit-zlib-to-exfiltrate-data-cve-2025-14847/#technical_analysisurl
- https://www.ox.security/blog/attackers-could-exploit-zlib-to-exfiltrate-data-cve-2025-14847/url