NOMISEC-lincemorado97/CVE-2025-14847

NOMISEC WORKING POC
Exploit for CVE-2025-14847 - MongoDB Memory Disclosure (CVE-2025-14847) - Mongobleed
AI Analysis

This is a functional PoC exploit for CVE-2025-14847, a MongoDB memory-disclosure vulnerability that is exploitable without authentication. It crafts a malicious OP_COMPRESSED packet that declares an inflated uncompressed size to trigger a zlib decompression flaw, which leaks uninitialized server memory via BSON parsing.

Attack Type: info_leak
Complexity: moderate
Reliability: reliable
MITRE ATT&CK:
T1003 - OS Credential Dumping
T1040 - Network Sniffing
Source
Platform: Nomisec
Type: infoleak
Files: 4
Stars: 1
Forks: 3
Last Push: Dec 31, 2025
Authors: lincemorado97
Vulnerability
CVE-2025-14847
MongoDB Memory Disclosure (CVE-2025-14847) - Mongobleed
HIGH, KEV
CVSS: 7.5