CVE-2025-14847 (MongoBleed): MongoDB Memory Leak Vulnerability Exploited in the Wild
ID: d7bf70cf-790f-5b67-818d-314665c481f6
STIX ID: report--d7bf70cf-790f-5b67-818d-314665c481f6
Feed Name: Tenable Blog
A memory-leak vulnerability in MongoDB's zlib decompression (CVE-2025-14847, "MongoBleed") can allow unauthenticated attackers to read uninitialized memory and potentially expose credentials, session tokens, and other sensitive data. A public proof-of-concept and reports of in-the-wild exploitation exist, and Censys identified roughly 87,000 potentially vulnerable internet-exposed instances; MongoDB has released patches and recommends disabling zlib or restricting access if immediate patching is not possible.
