Active Exploitation of High-Severity Vulnerability Affecting MongoDB, “MongoBleed” (CVE-2025-14847)

(TLP:AMBER) A high-severity vulnerability affecting many versions of MongoDB Server is under active exploitation by threat actors. WaterISAC is sharing indicators of compromise (IOCs) shareable as TLP:AMBER. See PDF Attached.

The vulnerability has been designated with the “bleed” suffix due to its potential to leak memory or sensitive data, similar in nature to major vulnerabilities like Heartbleed and CitrixBleed. This is a highly dangerous vulnerability as no authentication is required, the vulnerability is in the default configuration, and sensitive data can leak incrementally…