SANS Stormcast Sunday, December 28th, 2025: MongoDB Unauthenticated Memory Leak CVE-2025-14847
28 December 2025

SANS Stormcast Sunday, December 28th, 2025: MongoDB Unauthenticated Memory Leak CVE-2025-14847

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

About

MongoDB Unauthenticated Attacker Sensitive Memory Leak CVE-2025-14847
Over the Christmas holiday, MongoDB patched a sensitive memory leak vulnerability that is now actively being exploited
https://www.mongodb.com/community/forums/t/important-mongodb-patch-available/332977
https://github.com/mongodb/mongo/commit/505b660a14698bd2b5233bd94da3917b585c5728
https://www.ox.security/blog/attackers-could-exploit-zlib-to-exfiltrate-data-cve-2025-14847/
https://github.com/joe-desimone/mongobleed/