US, Australia say MongoBleed bug being exploited | The Record from Recorded Future News

US and Australian cyber agencies confirmed that hackers are exploiting a vulnerability that emerged over the Christmas holiday and is impacting data storage systems from the company MongoDB.

The issue drew concern on December 25, when a prominent researcher published exploit code for CVE-2025-14847, a vulnerability MongoDB announced on December 15 and patched on December 19.

The Cybersecurity and Infrastructure Security Agency (CISA) added the bug to its catalog of exploited vulnerabilities on Monday evening and ordered all federal civilian agencies to patch it by January 19. A CISA spokesperson declined to answer further questions about what US agencies are doing to protect those who may be impacted.

Australia's Cyber Security Centre said in an advisory that it is aware of active global exploitation of this vulnerability.

The vulnerability impacts a range of versions of MongoDB's database management system.

The bug was dubbed MongoBleed in reference to several previous vulnerabilities, including the CitrixBleed bug.

Cybersecurity researcher Eric Capuano said the exploit works by establishing many rapid connections to the MongoDB server: "we're talking tens of thousands per minute."

"Each connection probes for memory leaks, and the attacker aggregates the leaked data to reconstruct sensitive information," he added.

Douglas McKee, director of vulnerability intelligence at the cybersecurity firm Rapid7, told Recorded Future News the vulnerability affects thousands of internet-exposed MongoDB deployments by enabling access paths that bypass authentication controls under specific conditions.

Cybersecurity experts at several organizations warned about the level of exposure related to the bug. The cyber company Wiz found that 42% of cloud environments have at least one instance of a version of MongoDB vulnerable to CVE-2025-14847, and experts at the company have confirmed many internet-facing instances as exploitable.

Censys reported observing about 87,000 potentially vulnerable instances worldwide, and the Shadowserver Foundation put the figure at 74,854.

Rapid7's McKee said similar large-scale exposure combined with trivial access paths has historically led to rapid, opportunistic abuse.

"The issue highlights how exposure and access control failures can create material risk even in the absence of a traditional exploit chain," he said.

"Based on historical patterns with similar MongoDB exposure issues, the most likely abuse would come from opportunistic actors conducting broad internet scanning rather than targeted or nation-state campaigns."

He added that MongoDB is used across the spectrum, from small startups and software-as-a-service providers to large enterprises and government environments.

Cybersecurity expert Kevin Beaumont validated the exploit code over the weekend and said it allowed anyone to steal database passwords, AWS secret keys and more.

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

Copyright 2025 The Record from Recorded Future News