Inside the MongoBleed Memory Leak
About this listen
Imagine your memory just became the attack surface.
That’s MongoBleed. Or as others know it: CVE-2025-14847. No passwords to crack, no complex exploit chain.
Just normal protocol behavior, repeated at scale.
Each request leaks a little more MongoDB memory until something valuable shows up, even in environments that already follow network segmentation best practices.
Rob Maas (Field CTO, ON2IT) hosts Luca Cipriano (CTI & Red Team Program Lead) to dissect MongoBleed, an unauthenticated memory leak vulnerability in MongoDB, in this episode of Threat Talks.
They break down how MongoBleed exploits MongoDB’s wire protocol before authentication and why repetition matters more than a single request.
MongoDB is everywhere: cloud platforms, scalable applications, and data-heavy environments where availability matters more than friction. If MongoDB is part of your environment, or you want to understand how this vulnerability is exploited in practice, the full breakdown is worth your time.
Key Topics Covered
· How malformed compressed messages manipulate MongoDB memory allocation
· Why BSON string parsing can expose unintended data
· How repeated burst requests turn small leaks into valuable information
· Why MongoDB deployments are attractive targets in the cloud
Resources
· Threat Talks: https://threat-talks.com/
· ON2IT (Zero Trust as a Service): https://on2it.net/
· AMS-IX: https://www.ams-ix.net/ams
· Threat Talks episode on Citrix Bleed: https://youtu.be/YwDpRPBfAzs
Threat Talks is a collaboration between ON2IT and AMS-IX.