Do people usually run Mongo in a mode that allows unauthenticated calls? I don’t know anything about Mongo. This just seems surprising.
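For readers unfamiliar with MongoDB's configuration, the setting that decides whether the server accepts unauthenticated commands is `security.authorization` in `mongod.conf`; it defaults to `disabled`, so a server that nobody has explicitly hardened will answer commands from any client that can reach the port. The fragment below is an added example, not part of this thread or of any project's code; it contrasts the weak default with the hardened form, and the interface address is an assumed example value.

```yaml
# Weak: authorization left at its default. Any client that can reach
# the listening port can run commands without credentials.
security:
  authorization: disabled
net:
  bindIp: 0.0.0.0      # listens on every interface (assumed example value)

# Hardened: clients must authenticate before running commands, and the
# server only listens where it needs to.
security:
  authorization: enabled
net:
  bindIp: 127.0.0.1    # or the specific internal address the app uses (assumed example value)
```

Enabling `authorization` without first creating an administrative user locks out everyone, so the usual sequence is to create the admin user while still connected locally, then switch the setting and restart. Checking which mode a deployment is actually running in is a matter of reading the live config (`db.adminCommand({ getCmdLineOpts: 1 })` from a `mongosh` session) rather than trusting the file on disk.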
Luckily most people wouldn't use zlib anyway, they'd use snappy or zstd, and this also requires authenticated access to the cluster...
Current link points straight to the Python code without a lot of context, so here’s the top of the readme:
> CVE-2025-14847 - MongoDB Unauthenticated Memory Leak Exploit
> A proof-of-concept exploit for the MongoDB zlib decompression vulnerability that allows unauthenticated attackers to leak sensitive server memory.