Comments (9)

  • FridgeSeal
    Current link points straight to the Python code without a lot of context, so here’s the top of the readme:
    > CVE-2025-14847 - MongoDB Unauthenticated Memory Leak Exploit
    > A proof-of-concept exploit for the MongoDB zlib decompression vulnerability that allows unauthenticated attackers to leak sensitive server memory.
  • dpark
    Do people usually run Mongo in a mode that allows unauthenticated calls? I don’t know anything about Mongo. This just seems surprising.
  • winrid
    Luckily most people wouldn't use zlib anyway, they'd use snappy or zstd, and this also requires authenticated access to the cluster ....