December 29, 2025

Summary

One new Rapid Response advisory, queries, and ASM risk fingerprint for MongoBleed (CVE-2025-14847), a critical MongoDB uninitialized memory disclosure vulnerability.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issue.

MongoBleed - Critical MongoDB Uninitialized Memory Disclosure Vulnerability [CVE-2025-14847]
- The following queries can be used to identify exposed and potentially vulnerable MongoDB instances.

New fingerprints

Added the following fingerprint.

Type	Name	Description	Query
risk	MongoBleed: Vulnerable MongoDB [CVE-2025-14847]	This MongoDB server is running a version vulnerable to CVE-2025-14847 (MongoBleed), an unauthenticated memory leak vulnerability that allows remote attackers to exfiltrate sensitive data from the database server's heap memory without requiring credentials.	ASM query: `risks.name="MongoBleed: Vulnerable MongoDB [CVE-2025-14847]"`

Type

Name

Description

Query

risk

MongoBleed: Vulnerable MongoDB [CVE-2025-14847]

This MongoDB server is running a version vulnerable to CVE-2025-14847 (MongoBleed), an unauthenticated memory leak vulnerability that allows remote attackers to exfiltrate sensitive data from the database server's heap memory without requiring credentials.

ASM query:

risks.name="MongoBleed: Vulnerable MongoDB [CVE-2025-14847]"