CVE-2025-14847

The repository contains a functional PoC scanner for CVE-2025-14847, a pre-authentication heap memory disclosure vulnerability in the MongoDB C++ Driver. The scanner exploits an out-of-bounds read in the handling of OP_COMPRESSED messages to detect vulnerable instances.

This repository contains a Python-based exploit tool for CVE-2025-14847, a memory disclosure vulnerability in MongoDB's zlib compression handling. The tool allows for multi-threaded scanning, automatic vulnerability detection, and extraction of sensitive data from vulnerable MongoDB instances.

This PoC exploits CVE-2025-14847, a MongoDB zlib compression vulnerability that allows unauthenticated remote heap memory leakage by sending a malformed OP_COMPRESSED packet with an exaggerated uncompressed size.

This repository contains a Go-based scanner for detecting CVE-2025-14847, a MongoDB Zlib compression protocol memory leak vulnerability. It checks for vulnerable versions, Zlib support, and attempts to extract leaked heap memory data.

This repository contains a working PoC exploit for CVE-2025-14847, a critical unauthenticated memory disclosure vulnerability in MongoDB's network transport layer. The exploit leverages a flaw in zlib decompression to leak sensitive heap memory, including credentials and internal server state.

The repository contains an obfuscated Python script using PyArmor, which is unusual for a legitimate PoC. The script is heavily encrypted, making it difficult to verify its true purpose or functionality.

This repository contains a functional exploit for CVE-2025-14847, a MongoDB zLib memory leak vulnerability. The exploit constructs malicious OP_COMPRESSED packets to trigger memory disclosure by manipulating the claimed uncompressed size field.

This PoC exploits CVE-2025-14847 (MongoBleed), a heap memory disclosure vulnerability in MongoDB Server. It sends crafted zlib-compressed OP_MSG packets with inflated document lengths to leak uninitialized heap memory, revealing sensitive information.

The repository contains a functional exploit for CVE-2025-14847 (MongoBleed), which allows unauthenticated remote attackers to exfiltrate uninitialized heap memory from MongoDB servers via a flaw in zlib decompression logic. The exploit includes a lab environment, network scanner, and code scanner for vulnerability detection.

This Go-based PoC exploits CVE-2025-14847, a memory leak vulnerability in MongoDB, by sending crafted probes to extract sensitive data from server memory. It includes both scanning and targeted attack modes to leak field names, types, and raw memory contents.

This repository contains a Python-based exploit tool for CVE-2025-14847, a memory disclosure vulnerability in MongoDB's zlib compression handling. The tool allows for multi-threaded scanning, secret pattern detection, and data export.

This is a functional PoC exploit for CVE-2025-14847, a memory leak vulnerability in MongoDB. It leverages a zlib decompression bug to leak server memory via crafted BSON payloads with inflated document lengths.

This repository contains a functional PoC for CVE-2025-14847, an unauthenticated memory leak in MongoDB's zlib decompression. The toolkit includes a CLI scanner, exploitation scripts, and a lab environment for testing.

This repository contains a functional exploit for CVE-2025-14847, an unauthenticated memory-leak vulnerability in MongoDB Server's zlib compression handling. The exploit leverages inconsistent length fields in OP_COMPRESSED messages to leak uninitialized heap memory, potentially exposing sensitive data like authentication tokens, passwords, and PII.

This repository is an educational lab demonstrating the conceptual vulnerability behind CVE-2025-14847, focusing on MongoDB's compression framing and size-metadata mismatches. It includes a safe, non-exploitable probe to illustrate how such issues could lead to memory disclosure in buggy implementations.

This PoC exploits CVE-2025-14847 (MongoBLEED) by sending a maliciously crafted OP_COMPRESSED packet to trigger a heap memory leak in MongoDB. The script forges a decompression size field to leak adjacent heap memory, demonstrating the vulnerability.

This repository contains a Python-based proof-of-concept exploit for CVE-2025-14847, a memory disclosure vulnerability in MongoDB's BSON decompression implementation. The tool demonstrates how improper bounds checking can lead to memory leaks by sending crafted BSON documents with inflated lengths.

This is a functional PoC exploit for CVE-2025-14847, a MongoDB unauthenticated memory-leak vulnerability. It crafts a malicious OP_COMPRESSED packet with an inflated uncompressed size to trigger a zlib decompression flaw, leaking uninitialized server memory via BSON parsing.

This repository contains a functional proof-of-concept exploit for CVE-2025-14847 (MongoBleed), which allows unauthorized heap memory reads from MongoDB servers without authentication. The exploit crafts malformed BSON payloads to trigger memory leaks and extracts sensitive data from error responses.

This repository contains a Python-based scanner for detecting exposed MongoDB instances and checking for CVE-2025-14847 (MongoBleed), a heap leak vulnerability via OP_COMPRESSED. The tool includes checks for open ports, unauthenticated access, and a PoC for the vulnerability.

This repository contains a scanner for CVE-2025-14847, a MongoDB heap memory leak vulnerability. The Python script sends malformed packets to detect vulnerable instances and logs results.

MongoDeepDive is a high-performance asynchronous scanner and forensic analyzer for CVE-2025-14847, leveraging Shannon Entropy to detect uninitialized memory leaks in MongoDB servers. It distinguishes between low-entropy padding and high-value secrets like keys or tokens.

This repository contains a functional PoC exploit for CVE-2025-14847 (MongoBleed), demonstrating an unauthenticated memory leak vulnerability in MongoDB's OP_COMPRESSED wire protocol handling. The exploit sends maliciously crafted compressed messages to trigger memory leaks, allowing extraction of sensitive data from the server's memory.

CVE-2025-14847 (MongoBleed) is a high-severity information disclosure vulnerability in MongoDB Server, allowing remote, unauthenticated attackers to leak sensitive data from server memory by exploiting improper handling of zlib-compressed network messages.

This repository provides a DFIR triage script for detecting and analyzing exploitation attempts of CVE-2025-14847 (MongoBleed), focusing on artifact collection and forensic analysis. It includes references to PoC code and research but does not contain exploit code itself.

This repository contains a scanner for CVE-2025-14847 (MongoBleed), a memory leak vulnerability in MongoDB's zlib compression handling. The scanner detects vulnerable MongoDB instances by checking version and zlib compression status.

This repository provides a detailed technical analysis of CVE-2025-14847, a high-severity unauthenticated memory disclosure vulnerability in MongoDB Server. It includes root cause analysis, affected versions, exploitation details, and remediation guidance.

This PoC exploits CVE-2025-14847 (MongoBleed) to leak information from MongoDB by manipulating BSON document lengths and buffer offsets in OP_COMPRESSED messages. It iterates through document lengths to trigger memory leaks and extracts field names from error responses.

This is a working exploit for CVE-2025-14847, targeting MongoDB with a memory leak vulnerability. It includes functionality to probe targets, extract leaked data, and scan for secrets.

This is a Go-based proof-of-concept exploit for CVE-2025-14847, a MongoDB memory disclosure vulnerability. It crafts malformed BSON documents with inflated lengths, compresses them, and sends them via the MongoDB wire protocol to leak uninitialized memory from the server.

MongoBleed is a Python-based tool that exploits CVE-2025-14847, a memory leak vulnerability in MongoDB's zlib decompression logic, allowing unauthenticated remote attackers to leak uninitialized heap memory fragments. The PoC demonstrates the flaw by sending crafted OP_COMPRESSED messages with mismatched length fields.

This repository contains a proof-of-concept exploit for CVE-2025-14847, a critical MongoDB vulnerability that allows unauthenticated remote heap memory leakage via malformed OP_COMPRESSED packets. The PoC demonstrates the exploit by sending a crafted packet to leak uninitialized heap memory.

This repository contains a vulnerability scanner for CVE-2025-14847 (MongoBleed), a MongoDB memory disclosure vulnerability. The tool uses PoC-accurate probing to detect memory leaks without requiring authentication or causing destructive behavior.

This is a scanner for MongoDB instances and CVE-2025-14847, focusing on advanced discovery techniques and WAF/CDN bypasses to identify origin servers. It does not contain exploit code but rather reconnaissance and detection capabilities.

This is a functional exploit for CVE-2025-14847, targeting a heap buffer over-read vulnerability in MongoDB's OP_COMPRESSED handler. It leaks heap memory by manipulating the uncompressed_size field, causing the BSON parser to read beyond message boundaries.

This PoC exploits CVE-2025-14847 (MongoBleed) by sending malformed OP_COMPRESSED messages to MongoDB, triggering an information leak via error responses. It probes for leaked field names and BSON types, potentially exposing sensitive data.

This repository contains a Python-based scanner for detecting unauthenticated MongoDB instances exposed via CVE-2025-14847. The script sends a MongoDB 'hello' packet to target hosts and checks for responses indicating unauthenticated access.

This is a Burp Suite extension designed to detect and exploit CVE-2025-14847 (MongoBleed), a vulnerability in MongoDB that allows out-of-bounds memory leaks. The tool includes a manual test UI for sending crafted BSON payloads and analyzing leaked memory content.

The repository lacks actual exploit code and instead directs users to download external releases. It uses vague marketing language without technical details about CVE-2025-14847 or MongoDB vulnerabilities.

The repository claims to provide a scanner for CVE-2025-14847 but contains no actual exploit code or technical details. It directs users to download an external release, which is a common tactic for malicious or deceptive repositories.

This repository provides a detailed technical analysis of CVE-2025-14847, a high-severity unauthenticated memory disclosure vulnerability in MongoDB Server. It includes root cause analysis, affected versions, exploitation details, and remediation guidance.

This Metasploit module exploits CVE-2025-14847, a memory disclosure vulnerability in MongoDB's zlib decompression handling. It sends crafted OP_COMPRESSED messages to leak server memory contents, which may include sensitive data like credentials or encryption keys.

This repository contains a functional exploit for CVE-2025-14847, a critical unauthenticated memory-leak vulnerability in MongoDB Server's zlib compression handling. The exploit demonstrates the vulnerability by leaking uninitialized heap memory, which may include sensitive data such as authentication tokens, passwords, and PII.