GLOBAL SITUATIONMONITORING
482 published briefsUTCFri, Mar 27 16:17:09
CVE-2025-14847
Unauthenticated pre-authentication vulnerability allowing remote attackers to read uninitialized memory without valid credentials
1 intelligence brief← Intelligence Hub
-
MongoDB MongoBleed CVE-2025-14847: Unauthenticated Memory Leak Under Active Exploitation
A critical pre-authentication memory disclosure vulnerability in MongoDB allows attackers to leak heap memory without credentials. With 87,000+ vulnerable instances globally and active exploitation confirmed, CISA has mandated patches for Federal agencies by January 19, 2026.