CVE-2025-14847

ENISA EUVD: EUVD-2025-204529 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 3 articles

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

58.88%

probability

This CVE has a 58.88% probability of being exploited in the next 30 days.

0% Top 98.2th percentile of all CVEs 100%

CVSS v4.0 NEW

Source: VulnerabilityLookup (CIRCL)

8.7

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

Vulnerable System Confidentiality Impact

High

Vulnerable System Integrity Impact

None

Vulnerable System Availability Impact

None

Subsequent System Confidentiality Impact

None

Subsequent System Integrity Impact

None

Subsequent System Availability Impact

None

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products

Attack Intelligence

CWE-130 · Improper Validation of Loop Index CWE-228 CWE-237 CWE-240 CWE-703 · Improper Check or Handling of Exceptional Conditions CWE-707 · Improper Neutralization

Exploits & PoC

Black1hp/mongobleed-scanner

MongoDB CVE-2025-14847 Heap Memory Leak Scanner | OP_COMPRESSED zlib Vulnerability | Bug Bounty & Red Team Tool

cybertechajju/CVE-2025-14847_Expolit

a critical memory disclosure vulnerability in MongoDB's zlib compression handling. This tool allows security researchers to extract sensitive data fro

ProbiusOfficial/CVE-2025-14847

poc for CVE-2025-14847

onewinner/CVE-2025-14847

MongoDB 内存泄露漏洞 (CVE-2025-14847) 检测工具

Security-Phoenix-demo/mongobleed-exploit-CVE-2025-14847

Exploit lab, docker and code scanner for mongobleed Vulnerability CVE-2025-14847 plus Phoenix Security Sync tools

chinaxploiter/CVE-2025-14847-PoC

Academic proof-of-concept demonstrating CVE-2025-14847 for authorized security research.

joshuavanderpoll/CVE-2025-14847

CVE-2025-14847 (MongoBleed)

franksec42/mongobleed-exploit-CVE-2025-14847

Explot, Lab, Scanner - external and docker container, for SMongobleed-CVE-2025-14847 plus phoenix security uploader

nma-io/mongobleed

golang test tool for mongobleed (cve-2025-14847)

peakcyber-security/CVE-2025-14847

CVE-2025-14847 | MongoBleed vulnerability proof of concept project

10 repos — triés par ⭐ Rechercher sur GitHub ↗

⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More

TheHackerNews Dec 29, 2025

MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide

TheHackerNews Dec 29, 2025

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory

TheHackerNews Dec 27, 2025

Signal Intelligence

Confidenceⓘ

85%

EPSS 58.88%

CVSS v4.0 8.7

Mentions 3

Last Seen Dec 29, 2025

CNA Information

Analyst Note

CVE-2025-14847 is explicitly reported as 'Under Active Exploitation Worldwide' with over 87,000 susceptible instances identified. Published December 19, 2025, with active exploitation documented immediately thereafter. No evidence of prior public patch availability before exploitation reports, meeting zero-day criteria.