Joel Michael boosted
Kevin Beaumont
@GossiTheDog@cyberplace.social · 3 weeks ago

MongoDB have a blog out about #MongoBleed

Notably:

- Internal find at MongoDB

- they notified customers of the issue and patch availability on December 23rd

- A security vendor published technical details on December 24th, Christmas Eve

- Somebody at Elastic, a direct competitor, published an exploit with full secret extraction feature on December 25th, Christmas Day

That was an impossible situation for orgs - the security industry poured fire on them and set their own customers on fire.

Zack Whittaker boosted
Silas Cutler
@silas@infosec.exchange · 3 weeks ago

Critical MongoDB Uninitialized Memory Disclosure Vulnerability [CVE-2025-14847] #MongoBleed

From Censys scanning, we're seeing around 87,000 possibly vulnerable hosts

https://censys.com/advisory/cve-2025-14847

Censys

MongoBleed: Critical MongoDB Flaw [CVE-2025-14847]

Censys Rapid Response | MongoBleed [CVE-2025-14847] enables unauthenticated MongoDB memory disclosure via zlib decompression. Upgrade now to prevent leaks.
Hacker News
@h4ckernews@mastodon.social · 3 weeks ago

MongoBleed Explained Simply

https://bigdata.2minutestreaming.com/p/mongobleed-explained-simply

#HackerNews #MongoBleed #MongoDB #Security #TechExplained #DataBreach #CyberSecurity

MongoBleed explained simply

CVE-2025-14847 allows attackers to read any arbitrary data from the database's heap memory. It affects all MongoDB versions since 2017, here's a simple explanation:
AAKL
@AAKL@infosec.exchange · 3 weeks ago

New.

Wiz: MongoBleed (CVE-2025-14847) exploited in the wild: everything you need to know https://www.wiz.io/blog/mongobleed-cve-2025-14847-exploited-in-the-wild-mongodb @wiz #infosec #MongoBleed

wiz.io

MongoBleed (CVE-2025-14847) exploited in the wild | Wiz Blog

Detect and mitigate CVE-2025-14847, an unauthenticated information leak vulnerability in MongoDB. Exploitation has been observed in the wild.
Hacker News
@h4ckernews@mastodon.social · 4 weeks ago

MongoBleed

https://github.com/joe-desimone/mongobleed/blob/main/mongobleed.py

#HackerNews #MongoBleed #cybersecurity #vulnerabilities #data #breach #hacking #security

GitHub

mongobleed/mongobleed.py at main · joe-desimone/mongobleed
