CVE-2025-14847 MongoBleed in the Wild: Identifying MongoDB Exposure and Exploitation with Network Metadata by Fabien Guillot

MongoBleed (CVE-2025-14847) is a pre-auth, network-reachable MongoDB vulnerability that allows unauthenticated attackers to read server heap memory via zlib header length mismatches; a public proof-of-concept exists, and fixed releases across supported branches are available. The report details exposure scale, practical hunting and detection using Vectra network metadata and Suricata rules, and recommends immediate patching to specified fixed versions.