NOMISEC-Black1hp/mongobleed-scanner

NOMISEC WORKING POC

Exploit for CVE-2025-14847 - MongoDB Memory Disclosure (CVE-2025-14847) - Mongobleed

AI Analysis

The repository contains a functional PoC scanner for CVE-2025-14847, a pre-authentication heap memory disclosure vulnerability in the MongoDB C++ Driver. The scanner exploits an out-of-bounds read in the handling of OP_COMPRESSED messages to detect vulnerable instances.

Attack Type

info_leak

Complexity

moderate

Reliability

reliable

MITRE ATT&CK

T1005 - Data from Local System T1082 - System Information Discovery

Loading exploit code...

Download ZIP Password: eip

Source

Platform Nomisec

Type poc

Files 3

https://github.com/Black1hp/mongobleed-scanner

Stars 34

Forks 6

Last Push Dec 28, 2025

Authors

Black1hp

Vulnerability

CVE-2025-14847

MongoDB Memory Disclosure (CVE-2025-14847) - Mongobleed

HIGH KEV

CVSS 7.5