Summary
- One new Rapid Response advisory, queries, and ASM risk fingerprint for MongoBleed (CVE-2025-14847), a critical MongoDB uninitialized memory disclosure vulnerability.
Rapid Response
The Censys Rapid Response team published information about and queries for the following issue.
- MongoBleed - Critical MongoDB Uninitialized Memory Disclosure Vulnerability [CVE-2025-14847]
- The following queries can be used to identify exposed and potentially vulnerable MongoDB instances.
New fingerprints
Added the following fingerprint.
| Type | Name | Description | Query |
|---|---|---|---|
| risk | MongoBleed: Vulnerable MongoDB [CVE-2025-14847] | This MongoDB server is running a version vulnerable to CVE-2025-14847 (MongoBleed), an unauthenticated memory leak vulnerability that allows remote attackers to exfiltrate sensitive data from the database server's heap memory without requiring credentials. | ASM query: risks.name="MongoBleed: Vulnerable MongoDB [CVE-2025-14847]" |