Overview
Description
Statistics
- 9 Posts
- 74 Interactions
Fediverse
Starting today, CERT-Bund is notifying German network operators about MongoDB servers in their networks that are openly reachable from the Internet and are still running outdated versions vulnerable to CVE-2025-14847, the vulnerability that became public on 19.12.2025.
This currently affects 93% of the roughly 5,000 MongoDB servers known to us at German network operators.
42% of the MongoDB servers are additionally running an outdated version that is no longer supported by the vendor (End-of-Life).
Hunting MongoBleed (CVE-2025-14847): https://blog.ecapuano.com/p/hunting-mongobleed-cve-2025-14847
🫤 We know the *last* thing you want to deal with on Dec 31st is a new vulnerability. But #MongoBleed (CVE-2025-14847) isn't waiting for the ball to drop.
Our team already updated the Pentest-Tools.com Network Scanner to detect this information disclosure flaw that's currently letting unauthenticated attackers leak MongoDB server info.
Whether you’re on-call or just checking in, we’ve made it fast to see if your servers are at risk. 🎯 Scan your IPs for CVE-2025-14847, patch it fast, and have a safe New Year.
Deets and detection here: 👉 https://pentest-tools.com/vulnerabilities-exploits/mongodb-server-information-disclosure-mongobleed_28455
U.S., Australia Say ‘MongoBleed’ Bug Being Exploited
https://therecord.media/us-australia-bug-exploitation
U.S. and Australian cyber agencies have confirmed that hackers are exploiting a vulnerability that emerged over the Christmas holiday, impacting data storage systems from MongoDB.
The issue drew concern on Dec. 25 when a prominent researcher published exploit code for CVE-2025-14847—a vulnerability MongoDB announced on Dec. 15 and patched on Dec. 19.
The Cybersecurity and Infrastructure Security Agency added the bug to its catalogue of exploited vulnerabilities on Monday evening and ordered all federal civilian agencies to patch it by Jan. 19. A CISA spokesperson declined to comment further on what U.S. agencies are doing to protect potentially affected parties.
Australia’s Australian Cyber Security Centre said in an advisory that it “is aware of active global exploitation of this vulnerability.”
🚀 MongoDB has disclosed a high-severity vulnerability (CVE-2025-14847) with a CVSS score of 8.7. This flaw allows unauthenticated remote attackers to read uninitialized heap memory due to improper handling of length parameter inconsistencies in compressed protocol headers. The vulnerability impacts specific releases in the 7.0, 8.0, and 8.2 series, necessitating immediate patching.
#Cybersecurity #InfoSec #Hacking #Privacy #TechSafety
👉 Full Story: https://www.nexaspecs.com/2025/12/mongodb-cve-2025-14847-security-fix.html
Bluesky
Overview
- IBM
- API Connect
Statistics
- 3 Posts
- 1 Interaction
Bluesky
Overview
Statistics
- 2 Posts
- 4 Interactions
Fediverse
Stubborn AI honeypots give me grey hair.
Attacker sends payload:
"username=anonymous%00]]%0dlocal+h+%3d+io.popen("this is vulnerable to CVE-2025-47812")%0dlocal+r+%3d+h%3aread("*a")%0dh%3aclose()%0dprint(r)%0d--&password="
And the AI responsible for handling the response sends the following back to the attacker:
"This system is not affected by CVE-2025-47812."
*sigh*
Overview
- SmarterTools
- SmarterMail
Statistics
- 2 Posts
- 1 Interaction
Fediverse
CSA has published guidance on CVE-2025-52691, a critical SmarterMail vulnerability enabling potential unauthenticated remote code execution through arbitrary file uploads.
Although exploitation has not been observed, the advisory highlights the continued exposure of mail server infrastructure and the importance of timely upgrades to fixed builds.
Engage in the discussion and follow TechNadu for sober, research-driven security reporting.
#InfoSec #VulnerabilityResearch #EmailInfrastructure #RCE #PatchManagement #CyberDefense #TechNadu
Bluesky
Overview
Statistics
- 1 Post
Fediverse
Hunting CVE-2025-59287 in Memory Dumps: https://medium.com/@Debugger/hunting-cve-2025-59287-in-memory-dumps-b70afd7d2dcf
Overview
- FontForge
- FontForge
Statistics
- 1 Post
Fediverse
🟠 CVE-2025-15274 - High (8.8)
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15274/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda
Overview
- QNO Technology
- VPN Firewall
Statistics
- 2 Posts
Fediverse
🟠 CVE-2025-15388 - High (8.8)
VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15388/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda
Overview
- SimpleCalendar
- Google Calendar Events
- google-calendar-events
Statistics
- 1 Post
Fediverse
🟠 CVE-2025-68979 - High (8.1)
Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Google Calendar Events: from ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-68979/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda