The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a MongoDB vulnerability to its Known Exploited Vulnerabilities Catalog, acknowledging the active exploitation of the vulnerability. CISA urges users to patch the vulnerability before January 19, 2026. Tracked as CVE-2025-14847, the vulnerability has a high severity rating with a CVSS score of 8.7. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to disclose sensitive data from the MongoDB server memory. The vulnerability … Continue reading “MongoDB Memory Disclosure Vulnerability Under Active Exploitation (CVE-2025-14847) (MongoBleed)”