
RE: MongoBleed (CVE-2025-14847): A breakdown for Hive Engine Operators

I'm using Mongo for @v4vapp and I love it but obviously you can't connect directly to my database via the internet! Who would do that?

The point you raise about Zlib I didn't pick up in all the other stuff I read and heard about MongoBleed, and that is crucial. I know I'm not using it; I may look at turning it off.

0.00043359 BEE

I mean, I guess you could technically get hit by another user on the same machine, but ZLIB compression is still like 99% of the exploit, and I'm surprised other outlets didn't report it as such.

Security firms estimate that over 87,000 MongoDB instances exposed to the internet are potentially vulnerable to the "MongoBleed" flaw (CVE-2025-14847). Other scanning services report figures as high as 100,000 to over 213,000 internet-exposed instances, many of which are likely unpatched.

I guess there are legit uses for having a database on a separate machine, but even then I would tunnel/vpn/encrypt the shit out of the traffic between them, so... /shrug.

0.00006441 BEE
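An added example, not part of either comment: a small audit of a `mongod.conf` for the two conditions discussed in this thread, zlib network compression being enabled and the listener being bound beyond loopback. It assumes the standard `net.compression.compressors`, `net.bindIp` and `net.bindIpAll` options and that an absent compressors key leaves the default list (which includes zlib) in effect; the function names, finding labels and sample configs are constructed for illustration, and the parser handles only nested mappings with scalar values.

```python
import ipaddress

DEFAULT_COMPRESSORS = "snappy,zstd,zlib"  # assumed mongod default when the key is absent
DEFAULT_BIND_IP = "localhost"

# Constructed sample configs
HARDENED = """net:
  bindIp: 127.0.0.1,::1
  compression:
    compressors: snappy,zstd   # zlib removed
"""
EXPOSED = """net:
  bindIp: 0.0.0.0
"""

def parse_conf(text):
    """Flatten the nested YAML mappings of a mongod.conf into dotted keys."""
    flat, stack = {}, []  # stack holds (indent, key) for each open mapping
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip() or ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        path = ".".join([k for _, k in stack] + [key.strip()])
        if value.strip():
            flat[path] = value.strip().strip("\"'")
        else:
            stack.append((indent, key.strip()))
    return flat

def is_loopback(addr):
    if addr == "localhost" or addr.startswith("/"):  # name or unix socket path
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # other hostnames are treated as non-loopback

def audit(text):
    conf, findings = parse_conf(text), []
    comp = conf.get("net.compression.compressors", DEFAULT_COMPRESSORS)
    if "zlib" in [c.strip() for c in comp.split(",")]:
        findings.append("zlib-enabled")  # also fires when the key is simply missing
    binds = [b.strip() for b in conf.get("net.bindIp", DEFAULT_BIND_IP).split(",")]
    if conf.get("net.bindIpAll", "false").lower() == "true" or not all(map(is_loopback, binds)):
        findings.append("non-loopback-bind")  # review: needs firewall/VPN/TLS in front
    return findings
```

A `non-loopback-bind` finding is a prompt to check what sits in front of the listener, since a database on a separate machine legitimately binds a private address.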