
Overview

  • MongoDB Inc.
  • MongoDB Server

Published: 19 Dec 2025
Updated: 19 Dec 2025

CVSS v4.0: HIGH (8.7)
EPSS: 0.04%

KEV

Description

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 versions prior to 7.0.28, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.

Statistics

  • 16 Posts
  • 1115 Interactions

Last activity: Last hour

Fediverse


Merry Christmas to everybody, except that dude who works for Elastic, who decided to drop an unauthenticated exploit for MongoDB on Christmas Day, that leaks memory and automates harvesting secrets (e.g. database passwords)

CVE-2025-14847 aka MongoBleed

Exp: github.com/joe-desimone/mongob

This one is incredibly widely internet facing and will very likely see mass exploitation and impactful incidents

Impacts every MongoDB version going back a decade.

Shodan dork: product:"MongoDB"

  • 528
  • 473
  • 0
  • 18h ago

Oh. yay.

"mongobleed" — github.com/joe-desimone/mongob

CVE-2025-14847

"Exploits zlib decompression bug to leak server memory via BSON field names."

"Technique: Craft BSON with inflated doc_len, server reads field names from leaked memory until null byte."

  • 21
  • 25
  • 0
  • 20h ago

There’s a great blog on detecting MongoBleed exploitation via Velociraptor blog.ecapuano.com/p/hunting-mo

  • 14
  • 26
  • 0
  • 5h ago
Dropping a Xmas-sploit for CVE-2025-14847
  • 12
  • 6
  • 0
  • 18h ago

@hrbrmstr looks like it needs to be sent to a mongodb port that accepts BSON, right?

I’m hoping (against hope) people do not have those dangling on the internet by default?

[Edit: hope is, as they say, not a strategy…]

  • 2
  • 1
  • 0
  • 14h ago
I truly appreciate the work of those who keep an eye on threats during the holiday season, but:

- MongoDB has nothing to do with MySQL
- A memory disclosure is not an RCE (but you should probably prioritize similarly in this case)

CVE-2025-14847
  • 1
  • 6
  • 1
  • 18h ago

🟠 CVE-2025-14847 - High (7.5)

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 23h ago

🔍 HIGH severity: MongoDB flaw (CVE-2025-14847) lets unauthenticated users read uninitialized memory via zlib. Affects v3.6–8.2.3. Patch now or disable zlib compression for mitigation. Full details: radar.offseq.com/threat/new-mo

  • 0
  • 0
  • 0
  • 1h ago

[VULN] ⚠️ MongoDB warns of a high-severity RCE flaw and urges patching

The vendor warns of a vulnerability that can be exploited for remote code execution (RCE), with attacks targeting vulnerable servers.

(cyberveille.ch/posts/2025-12-2)
⬇️
🔗 Original source: bleepingcomputer.com/news/secu

PoC available (simple vector, few technical prerequisites,
large attack surface, reproducible exploitation) 👀 : mongobleed
⬇️
• Observed impact: leakage of memory fragments that may contain sensitive items such as internal MongoDB logs, server state, WiredTiger parameters, /proc data (e.g. meminfo, network statistics), Docker paths, connection UUIDs and client IPs. The PoC shows example leaks (e.g. MemAvailable, network counters) and reports the total amount of data exfiltrated as well as the number of unique fragments. ⚠️
( cyberveille.ch/posts/2025-12-2 )

[Official advisory]
👇
jira.mongodb.org/browse/SERVER

CVE-2025-14847

typically, if you have an exposed controller, it is better to check the firewall rules to block...
👇
community.ui.com/questions/Mon

💬
⬇️
infosec.pub/post/39604416

  • 0
  • 0
  • 0
  • Last hour

Bluesky

📢 CVE-2025-14847 "mongobleed": unauthenticated memory leak in MongoDB (patches available) 📝 According to the publication of the Po… https://cyberveille.ch/posts/2025-12-26-cve-2025-14847-mongobleed-fuite-de-memoire-non-authentifiee-dans-mongodb-correctifs-disponibles/ #CVE_2025_14847 #Cyberveille
  • 0
  • 0
  • 0
  • 15h ago
📌 Critical Unauthenticated Remote Code Execution Vulnerability in MongoDB (CVE-2025-14847) – Patch Immediately https://www.cyberhub.blog/article/17244-critical-unauthenticated-remote-code-execution-vulnerability-in-mongodb-cve-2025-14847-patch-immediately
  • 0
  • 0
  • 0
  • 9h ago
A new unauthorized exploit for MongoDB, CVE-2025-14847, has been released. Users are urged to patch their systems immediately to protect against potential vulnerabilities.
  • 0
  • 0
  • 0
  • 8h ago
A zlib-related length-handling bug in MongoDB (CVE-2025-14847) can let unauthenticated clients read uninitialized heap memory; update recommended.
  • 0
  • 0
  • 0
  • 2h ago
Linux.Detection.CVE202514847.MongoBleed :: Velociraptor
  • 0
  • 0
  • 0
  • 1h ago
A high-severity flaw, CVE-2025-14847 (CVSS 8.7), can let unauthenticated clients read uninitialized heap memory. The problem stems from mismatched length […]
  • 0
  • 0
  • 0
  • Last hour

Overview

  • langchain-ai
  • langchain

Published: 23 Dec 2025
Updated: 24 Dec 2025

CVSS v3.1: CRITICAL (9.3)
EPSS: 0.05%

KEV

Description

LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in versions 0.3.81 and 1.2.5.

Statistics

  • 5 Posts
  • 1 Interaction

Last activity: 16 hours ago

Fediverse

The LangGrinch threatens AI systems worldwide with a critical vulnerability. Administrators must act immediately, before attackers gain access to secret environment variables.

t3n.de/news/langgrinch-langcha

  • 1
  • 0
  • 0
  • 19h ago
LangGrinch: Critical flaw in LangChain-Core threatens AI agents
t3n.de/news/langgrinch-langcha

Posted in Software & Development | t3n @software-entwicklung-t3n-t3n

  • 0
  • 0
  • 0
  • 21h ago

Bluesky

LangChain Core contains a critical serialization injection flaw (CVE-2025-68664, CVSS 9.3) that can expose secrets and enable prompt injection. The […]
  • 0
  • 0
  • 0
  • 23h ago
📢 LangChain: critical serialization injection vulnerability allows exfiltration of secrets (CVE-2025-68664) 📝 Sel… https://cyberveille.ch/posts/2025-12-26-langchain-vulnerabilite-critique-d-injection-de-serialisation-permet-lexfiltration-de-secrets-cve-2025-68664/ #CVE_2025_68664 #Cyberveille
  • 0
  • 0
  • 0
  • 18h ago
Critical LangChain Core vulnerability (CVE-2025-68664) exposes secrets via serialization injection, potentially enabling prompt injection & code execution. Update to patched versions immediately (>=1.2.5 or >=0.3.81). #Security #News
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Fortinet FortiOS

Published: 24 Jul 2020
Updated: 21 Oct 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 45.02%

Description

An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.

Statistics

  • 5 Posts

Last activity: 3 hours ago

Fediverse


Fortinet confirms active exploitation of CVE-2020-12812.
A long-standing FortiOS SSL VPN flaw can bypass 2FA due to username case-sensitivity mismatches - especially in legacy deployments.

technadu.com/fortinet-warns-ju

Thoughts on mitigating MFA bypass risks?

  • 0
  • 0
  • 0
  • 4h ago

Bluesky

The Zombie Vulnerability Apocalypse: How a 5-Year-Old Fortinet Flaw Fuels Modern Ransomware + Video Introduction: A critical vulnerability from 2020, CVE-2020-12812, is experiencing a dangerous resurgence in active ransomware campaigns. This incident exposes a fundamental flaw in vulnerability…
  • 0
  • 0
  • 0
  • 23h ago
📢 Fortinet reports active exploitation of CVE‑2020‑12812 (FG‑IR‑19‑283) allowing 2FA bypass via LDAP 📝 Source… https://cyberveille.ch/posts/2025-12-26-fortinet-signale-lexploitation-active-de-cve-2020-12812-fg-ir-19-283-permettant-de-contourner-le-2fa-via-ldap/ #2FA_bypass #Cyberveille
  • 0
  • 0
  • 0
  • 17h ago
The vulnerability in question is CVE-2020-12812 (CVSS score: 5.2), an improper authentication vulnerability in SSL VPN in FortiOS that could allow a user to log in successfully without being prompted for the second factor of authentication if the case of the username was
  • 0
  • 0
  • 0
  • 16h ago
Fortinet warns attackers are actively exploiting a FortiOS SSL VPN flaw to bypass 2FA. CVE-2020-12812 shows how legacy configs can quietly weaken MFA controls. What’s your take? #Cybersecurity #Fortinet #SSLVPN
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Pending

Published: 26 Dec 2025
Updated: 26 Dec 2025

CVSS: Pending
EPSS: Pending

KEV

Description

Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL (or a portion of it) directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to the potential exposure of sensitive information.

Statistics

  • 2 Posts
  • 14 Interactions

Last activity: 17 hours ago

Fediverse


../ and DNS?! It really is the season of magic.

cve.org/CVERecord?id=CVE-2025-

Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL (or a portion of it) directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to the potential exposure of sensitive information.

  • 4
  • 10
  • 0
  • 19h ago

🟠 CVE-2025-57403 - High (7.5)

Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL (or a portion of it) directly with a base path using os.path.join. This bypass allows directory...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 17h ago

Overview

  • Pending

Published: 26 Dec 2025
Updated: 26 Dec 2025

CVSS: Pending
EPSS: Pending

KEV

Description

Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2.5.1 allows attackers to change the Administrator password and escalate privileges via sending a crafted POST request to /Forms/admin_access_1.

Statistics

  • 2 Posts
  • 6 Interactions

Last activity: 17 hours ago

Fediverse


I don't know about this specific device, but these types of devices tend to be used a lot in remote OT systems, often with the management interface exposed, and almost no monitoring. Other similar modems have been successfully exploited ITW for some interesting incidents.

cve.org/CVERecord?id=CVE-2025-

Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2.5.1 allows attackers to change the Administrator password and escalate privileges via sending a crafted POST request to /Forms/admin_access_1.

  • 3
  • 3
  • 0
  • 19h ago

🟠 CVE-2025-67015 - High (7.5)

Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2.5.1 allows attackers to change the Administrator password and escalate privileges via sending a crafted POST request to /Forms/admin_access_1.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 17h ago

Overview

  • apiDoc
  • apidoc-core

Published: 26 Dec 2025
Updated: 26 Dec 2025

CVSS v4.0: CRITICAL (9.3)
EPSS: Pending

KEV

Description

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or unintended behavior in applications relying on the integrity of prototype chains. This affects the preProcess() function in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker modules.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 8 hours ago

Fediverse


🔥 CRITICAL: CVE-2025-13158 in apidoc-core (0.2.0+) enables remote prototype pollution via malformed input. Risks: DoS & unpredictable JS app behavior. Audit, sanitize, and isolate now — no patch yet! radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 8h ago

sev:CRIT prototype pollution in apidoc-core. But worse is the word wrapping without hyphens in the summary.

sonatype.com/security-advisori

  • 0
  • 2
  • 0
  • 19h ago

Overview

  • IBM
  • Concert

Published: 26 Dec 2025
Updated: 26 Dec 2025

CVSS v3.1: HIGH (7.8)
EPSS: Pending

KEV

Description

IBM Concert 1.0.0 through 2.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 20 hours ago

Fediverse


🟠 CVE-2025-12771 - High (7.8)

IBM Concert 1.0.0 through 2.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 0
  • 21h ago

Overview

  • IBM
  • API Connect

Published: 26 Dec 2025
Updated: 26 Dec 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: Pending

KEV

Description

IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 5 hours ago

Fediverse


🚨 CRITICAL: CVE-2025-13915 in IBM API Connect (10.0.8.0–10.0.8.5, 10.0.11.0) enables remote auth bypass (CWE-305)! No patch yet. Restrict access, monitor logs, and prep for updates. More: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Microsoft
  • Windows Server 2019

Published: 14 Oct 2025
Updated: 11 Dec 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 75.42%

Description

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 14 hours ago

Bluesky

[RSS] Hunting CVE-2025-59287 in Memory Dumps medium.com -> Original->
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • n8n-io
  • n8n

Published: 26 Dec 2025
Updated: 26 Dec 2025

CVSS v3.1: CRITICAL (9.9)
EPSS: Pending

KEV

Description

n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process. This issue has been patched in version 2.0.0. Workarounds for this issue involve disabling the Code Node by setting the environment variable NODES_EXCLUDE: "[\"n8n-nodes-base.code\"]", disabling Python support in the Code node by setting the environment variable N8N_PYTHON_ENABLED=false, which was introduced in n8n version 1.104.0, and configuring n8n to use the task runner based Python sandbox via the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables.

Statistics

  • 3 Posts

Last activity: 9 hours ago

Fediverse


🔴 CVE-2025-68668 - Critical (9.9)

n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 0
  • 0
  • 1
  • 13h ago

⚠️ CRITICAL: CVE-2025-68668 in n8n-io n8n (v1.0.0–<2.0.0) allows authenticated users to bypass the Python Code Node sandbox & run arbitrary commands. Patch to 2.0.0+ or disable the node for mitigation. Full details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 9h ago
Showing 1 to 10 of 43 CVEs