A critical vulnerability in one of the world’s most widely used database systems has put government agencies and enterprises on the clock, with less than a week remaining before a federal remediation deadline set by the US Cybersecurity and Infrastructure Security Agency (CISA).
Tracked as CVE-2025-14847 and dubbed “MongoBleed,” the flaw was disclosed shortly after Christmas and impacts systems that use MongoDB to store and manage large volumes of data, such as user records, internal documents, or application data.
The vulnerability specifically impacts databases that use a certain data-compression feature and are reachable over a network.
Active Exploitation and Global Exposure
According to cybersecurity firm Resecurity, which published detailed technical research into the vulnerability, threat actors are already actively scanning the internet for exposed systems.
Both IPv4 and IPv6 address ranges are being probed globally, with ransomware groups and other attackers seeking to steal sensitive data from unpatched databases.
All MongoDB versions from 3.6 onward are vulnerable if left unpatched. The flaw can be exploited remotely without authentication, meaning attackers only need network access to the database.
Once exploited, it can leak sensitive system memory, putting publicly exposed databases at direct risk and internally accessible ones at risk from attackers who have already gained a foothold and move laterally within the network.
Resecurity’s telemetry shows tens of thousands of vulnerable MongoDB databases worldwide.
China recorded the highest number of exposed systems, followed by the United States and Germany. Hong Kong, Singapore, India, Russia, France, Vietnam, and Indonesia also show significant exposure.

Government Systems Face Critical Risk
The risk is particularly acute for the public sector, where MongoDB is widely used to modernize legacy systems and support data-intensive applications.
In the United States, 13 federal cabinet-level agencies and all branches of the Department of Defense rely on MongoDB, along with civilian agencies such as NOAA, the FDA, and the Department of Health and Human Services.
As of May 2025, MongoDB ranked as the world’s fifth most popular database software, with use spanning government, defense, healthcare, and critical infrastructure sectors.
CISA Orders Federal Patch by January 19
CISA has added CVE-2025-14847 to its Known Exploited Vulnerabilities Catalog and has ordered all federal civilian executive branch agencies to fix the flaw by January 19.
Experts warn that organizations outside the federal government should treat the deadline as a strong signal of urgency, given active exploitation already underway.
With mass scanning continuing and the patch window rapidly closing, unpatched MongoDB systems could quickly become prime targets for data theft and ransomware attacks.