module
MongoDB Memory Disclosure (CVE-2025-14847) - Mongobleed
| Disclosed |
|---|
| Dec 19, 2025 |
Disclosed
Dec 19, 2025
Description
This module exploits a memory disclosure vulnerability in MongoDB's zlib
decompression handling (CVE-2025-14847). By sending crafted OP_COMPRESSED
messages with inflated BSON document lengths, the server reads beyond the
decompressed buffer and returns leaked memory contents in error messages.
The vulnerability allows unauthenticated remote attackers to leak server
memory which may contain sensitive information such as credentials, session
tokens, encryption keys, or other application data.
decompression handling (CVE-2025-14847). By sending crafted OP_COMPRESSED
messages with inflated BSON document lengths, the server reads beyond the
decompressed buffer and returns leaked memory contents in error messages.
The vulnerability allows unauthenticated remote attackers to leak server
memory which may contain sensitive information such as credentials, session
tokens, encryption keys, or other application data.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.