MongoDB CVE-2025-14847 active exploitation worldwide
Exploitation Wave
Summary
CVE-2025-14847 is being actively exploited against MongoDB deployments, putting a global pool of 87,000+ potentially susceptible instances at risk. The wave matters because the flaw can leak sensitive memory from servers before authentication and without user interaction. Exposure is broad because the vulnerable zlib compression path is the default on affected instances.
Related Happenings
Ubiquiti UniFi OS security updates (multiple vulnerabilities)
Security Patch Release
First: 22.05.2026 15:00
Last: 22.05.2026 15:00
Sources 1
About this happening:
**Ubiquiti** released **security updates** for **UniFi OS** to close **five vulnerabilities**, including **three maximum-severity flaws** that could let **remote attackers without...
PCPJack TeamPCP-targeting cloud credential theft campaign
Campaign
First: 08.05.2026 12:00
Last: 08.05.2026 12:00
Sources 1
About this happening:
A new **PCPJack** campaign is targeting **TeamPCP victims** by **worming across exposed cloud infrastructure**, creating a fresh risk of credential theft and unauthorized reuse of...
Zimbra Collaboration Suite actively exploited XSS flaw (CVE-2025-48700)
Vulnerability
First: 24.04.2026 16:35
Last: 24.04.2026 16:35
Sources 1
About this happening:
**CVE-2025-48700** is an **actively exploited XSS flaw** in **Zimbra Collaboration Suite (ZCS)** that can let unauthenticated attackers run JavaScript inside a user's session and...
ComfyUI cryptomining and proxy botnet campaign targeting exposed instances
Campaign
First: 07.04.2026 15:46
Last: 07.04.2026 15:46
Sources 1
About this happening:
An **active ComfyUI campaign** is scanning exposed instances, exploiting unsafe custom nodes, and enlisting compromised hosts into a **cryptomining and proxy botnet**. The operati...
UniFi Network Application path traversal flaw (CVE-2026-22557)
Vulnerability
First: 19.03.2026 15:00
Last: 19.03.2026 15:00
Sources 1
About this happening:
**CVE-2026-22557** in the **UniFi Network Application** is a **path traversal** flaw affecting **version 10.1.85 and earlier** that can expose files and enable **possible account...
Timeline
29.12.2025 09:49 · 2 articles
MongoDB CVE-2025-14847 active exploitation and exposure scope
Initial Disclosure
MongoDB CVE-2025-14847, codenamed MongoBleed, is being actively exploited in the wild against MongoDB Server instances with zlib compression enabled, which is the default configuration. Censys identified more than 87,000 potentially vulnerable instances worldwide, with a majority in the U.S., China, Germany, India, and France, and Wiz said 42% of cloud environments have at least one MongoDB instance in a vulnerable version. The flaw in the zlib-based message decompression path can let an unauthenticated attacker leak sensitive data from MongoDB server memory before authentication. Operators are advised to update to fixed MongoDB Server releases, disable zlib compression where appropriate, restrict network exposure, and monitor MongoDB logs for anomalous pre-authentication connections.
Sources:
- MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide — thehackernews.com — 29.12.2025 09:49
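One way to check two of the mitigations named above (zlib compression disabled, network exposure restricted) in a `mongod.conf` file. This is an added example, not code from the cited articles or from MongoDB. The default compressor list, the wildcard bind values, the finding labels and both sample configs are assumptions or constructed for illustration.

```python
import re
DEFAULT_COMPRESSORS = "snappy,zstd,zlib"  # assumption (MongoDB docs): list used when key is absent
WILDCARD_BINDS = {"0.0.0.0", "::", "*"}

def flatten_conf(text):
    """Flatten the nested-mapping YAML subset used by mongod.conf into dotted keys."""
    flat, stack = {}, []  # stack: (indent, key) of the currently open parent mappings
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # drop full-line and inline comments
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # we have left a nested block
        if value.strip():
            flat[".".join([k for _, k in stack] + [key])] = value.strip().strip("\"'")
        else:
            stack.append((indent, key))
    return flat

def audit(text):
    """Return findings for the two config-level mitigations: zlib off, limited bind."""
    conf, findings = flatten_conf(text), []
    compressors = conf.get("net.compression.compressors", DEFAULT_COMPRESSORS)
    if "zlib" in [c.strip().lower() for c in compressors.split(",")]:
        findings.append("zlib-enabled")
    binds = {b.strip() for b in conf.get("net.bindIp", "localhost").split(",")}
    if conf.get("net.bindIpAll", "false").lower() == "true" or binds & WILDCARD_BINDS:
        findings.append("listens-on-all-interfaces")
    return findings

# Constructed sample: no compression block, so the default list (with zlib) applies.
SAMPLE_DEFAULT = """\
net:
  port: 27017
  bindIpAll: true
"""
# Constructed sample: zlib removed from the list and bind limited to named addresses.
SAMPLE_HARDENED = """\
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5   # constructed private address
  compression:
    compressors: snappy,zstd
"""
if __name__ == "__main__":
    for name, conf in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(conf) or "ok")
```

The check covers the config file only: compressors passed on the command line with `--networkMessageCompressors` and the server's patch level need to be verified separately.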