MongoBleed update: We added MongoDB CVE-2025-14847 tagging today that is version ...

Why Nostr? What is Njump? Join Nostr

The Shadowserver Foundation

npub1cl…yl628

2025-12-29 19:37:19 UTC

MongoBleed update: We added MongoDB CVE-2025-14847 tagging today that is version based. This results in 74,854 possibly unpatched versions (out of 78,725 exposed today). IP data on vulnerable instances shared in our Open MongoDB Report: https://www.shadowserver.org/what-we-do/network-reporting/open-mongodb-report/

Note FPs on CVE-2025-14847 tagging may be possible due to backporting patches without bumping versions.

IP data on exposed instances is shared daily since Feb 2015!

To view exposed info on Dashboard select source 'scan' 'scan6' & tag 'mongodb' https://dashboard.shadowserver.org/statistics/combined/time-series/?date_range=30&source=scan&source=scan6&tag=mongodb&dataset=unique_ips&limit=100&group_by=geo&stacking=stacked&auto_update=on

Advisory & patch details on CVE-2025-14847 can be found at https://jira.mongodb.org/browse/SERVER-115508

If you receive an alert from us, check for compromise!

Upgrade to 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, or 4.4.30.

Author Public Key

npub1cla6jlqwtg3hhhqlg7rdz0lxtgfr0u5ee6vndqr0pzdtszzvt9gsyyl628

Seen on

wss://relay.momostr.pink

Show more details

Published at

2025-12-29 19:37:19 UTC

Kind type

1 Short Text Note

Event JSON

{ "id": "c055aae6d24fc37e6d3eb43cc8f87bc358e5cfeba19ee12667183bb57daa2e28", "pubkey": "c7fba97c0e5a237bdc1f4786d13fe65a1237f299ce9936806f089ab8084c5951", "created_at": 1767037039, "kind": 1, "tags": [ [ "proxy", "https://infosec.exchange/@shadowserver/115804539396514801", "web" ], [ "imeta", "url https://media.infosec.exchange/infosec.exchange/media_attachments/files/115/804/539/071/871/345/original/4b5a71716d55eb8d.png", "m image/png" ], [ "proxy", "https://infosec.exchange/users/shadowserver/statuses/115804539396514801", "activitypub" ], [ "L", "pink.momostr" ], [ "l", "pink.momostr.activitypub:https://infosec.exchange/users/shadowserver/statuses/115804539396514801", "pink.momostr" ], [ "-" ] ], "content": "MongoBleed update: We added MongoDB CVE-2025-14847 tagging today that is version based. This results in 74,854 possibly unpatched versions (out of 78,725 exposed today). IP data on vulnerable instances shared in our Open MongoDB Report: https://www.shadowserver.org/what-we-do/network-reporting/open-mongodb-report/\n\nNote FPs on CVE-2025-14847 tagging may be possible due to backporting patches without bumping versions.\n\nIP data on exposed instances is shared daily since Feb 2015!\n\nTo view exposed info on Dashboard select source 'scan' 'scan6' \u0026 tag 'mongodb' https://dashboard.shadowserver.org/statistics/combined/time-series/?date_range=30\u0026source=scan\u0026source=scan6\u0026tag=mongodb\u0026dataset=unique_ips\u0026limit=100\u0026group_by=geo\u0026stacking=stacked\u0026auto_update=on \n\nAdvisory \u0026 patch details on CVE-2025-14847 can be found at https://jira.mongodb.org/browse/SERVER-115508\n\nIf you receive an alert from us, check for compromise!\n\nUpgrade to 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, or 4.4.30.\nhttps://media.infosec.exchange/infosec.exchange/media_attachments/files/115/804/539/071/871/345/original/4b5a71716d55eb8d.png\n", "sig": "075f16977aa854ffbe47efdfda828ceeca4fe728cac666550942fb7457d932ff78a479ba6c739a6726aec3c5c1a232eecbe431bddc5e120985fca834fd2acb57" }