
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Sunday, December 28th, 2025: MongoDB Unauthenticated Memory Leak CVE-2025-14847

Dec 28, 2025
A critical vulnerability in MongoDB has left sensitive memory exposed and is currently being exploited. This flaw resembles the infamous Heartbleed, leaking random process data, including secrets and keys. With a patch announced just before Christmas, many systems remain at risk, especially those embedded in other products. Experts recommend not exposing MongoDB online and emphasize the need for immediate action if a compromise is suspected. Tune in for insights on securing your databases and understanding the implications of this new threat.
MongoDB Memory Disclosure Is Heartbleed-Like
- MongoDB had a memory-disclosure bug that behaved similarly to Heartbleed and leaked allocated process memory.
- The leak exposes potentially sensitive data like keys and other secrets embedded in process memory.
Compression And Length Mismatch Causes Leak
- The bug arises because a compression-related length value reports the full allocated buffer size rather than the number of bytes actually used.
- That discrepancy causes extra bytes of process memory to be returned when the server parses crafted BSON input.
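To illustrate the bug class the snip describes (a reply length taken from the allocated buffer size instead of from the bytes actually produced), here is a constructed C example; it is not MongoDB's code and does not reproduce the CVE's specifics, which the page does not give. A stand-in decompression step fills part of a reused buffer, and `build_reply` is shown with the defective and the corrected length choice side by side.

```c
#include <stdio.h>
#include <string.h>

/* Constructed illustration, not MongoDB's code: a reused output buffer
 * still holds leftover bytes from earlier work (marked 'S' here). */
#define BUF_CAP 32
#define STALE_BYTE 'S'

/* Stand-in for a decompression step: copies the payload into `out`
 * and returns how many bytes it actually produced. */
static size_t fake_decompress(const char *payload, char *out, size_t cap) {
    size_t n = strlen(payload);
    if (n > cap) n = cap;
    memcpy(out, payload, n);
    return n;
}

/* Builds the bytes sent back to the client. `use_capacity` selects the
 * defect: taking the length from the buffer's allocated size instead of
 * from the decompression step's return value. */
static size_t build_reply(const char *payload, int use_capacity,
                          char *reply, size_t reply_cap) {
    char buf[BUF_CAP];
    memset(buf, STALE_BYTE, BUF_CAP);                 /* leftovers from reuse */
    size_t produced = fake_decompress(payload, buf, BUF_CAP);
    size_t len = use_capacity ? BUF_CAP : produced;   /* vulnerable vs fixed */
    if (len > reply_cap) len = reply_cap;
    memcpy(reply, buf, len);
    return len;
}

/* Number of stale bytes that end up in the reply (0 means no leak). */
static size_t leaked_bytes(const char *payload, int use_capacity) {
    char reply[BUF_CAP];
    size_t len = build_reply(payload, use_capacity, reply, sizeof reply);
    size_t leaked = 0;
    for (size_t i = strlen(payload); i < len; i++)
        if (reply[i] == STALE_BYTE) leaked++;
    return leaked;
}

int main(void) {
    printf("capacity-based length leaks %zu stale bytes\n", leaked_bytes("hello", 1));
    printf("produced-based length leaks %zu stale bytes\n", leaked_bytes("hello", 0));
    return 0;
}
```

The fix is the single change of length source; a regression test that checks the reply length against the decompressor's return value catches the defect directly.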
Patch Immediately — Exploit Is Public
- Patch MongoDB immediately because a proof-of-concept exploit and test case were published with the patch.
- Assume internet-exposed instances are being targeted and remediate without delay.
