News

MongoDB CVE-2025-14847 Vulnerability Exploited, Affecting 87,000 Instances

Luciano Ferrari

29 Dec 2025 — 2 min read

Monday, December 29, 2025

Top 5 Cybersecurity Stories You Should Know

MongoDB CVE-2025-14847 Vulnerability Exploited, Affecting 87,000 Instances — tl;dr: A critical vulnerability in MongoDB, tracked as CVE-2025-14847, is currently under active exploitation, with over 87,000 instances worldwide potentially affected. This flaw, which allows unauthenticated attackers to remotely leak sensitive data from server memory, has a CVSS score of 8.7, indicating high severity. Organizations using MongoDB are urged to apply security patches immediately to mitigate risks. Failure to address this vulnerability could lead to significant data breaches and loss of sensitive information, impacting businesses and users alike.
↪ https://www.wiu.edu/cybersecuritycenter/cybernews.php
2025 Sees Surge in Ransomware Attacks Targeting Critical Infrastructure — tl;dr: In 2025, ransomware attacks surged globally, with a 34% increase targeting critical infrastructure such as energy and transportation. Notable incidents included the Kido International breach, affecting personal data of 8,000 individuals, and a major attack on Romania's water management authority, which disrupted operations. The Qilin cybercrime group emerged as a significant threat, executing multi-sector attacks and demanding hefty ransoms. Organizations are urged to enhance cybersecurity measures, including multi-layered defenses and real-time monitoring, to mitigate the risks posed by evolving ransomware tactics.
↪ https://www.cybersecurity-insiders.com/top-ransomware-attacks-of-2025-major-incidents-impacts-rising-cyber-threats-globally/
MongoBleed (CVE-2025-14847): Critical Memory Leak Vulnerability in MongoDB — tl;dr: MongoBleed (CVE-2025-14847) is a critical unauthenticated memory leak vulnerability in MongoDB, allowing attackers to remotely extract sensitive uninitialized heap memory. Affecting versions 8.2.x to 4.0.x, this vulnerability poses a high confidentiality risk, with an estimated 100,000 exposed instances globally. Organizations are urged to patch immediately or disable zlib compression and restrict network access. Varonis offers protection through database activity monitoring and incident response services to help mitigate risks associated with this vulnerability.
↪ https://www.varonis.com/blog/mongobleed-cve-2025-14847-memory-leak-vulnerability
Ransomware Hits Romanian Water Authority; Major Data Breaches Reported — tl;dr: On December 29, 2025, Check Point Research reported significant cyber incidents, including a ransomware attack on Romania's national water management authority, affecting nearly 1,000 systems but sparing operational technology. France's La Poste faced disruptions from a cyber-attack attributed to the pro-Russian group NoName057(16), while Aflac confirmed a data breach impacting 22.7 million individuals. Other breaches included Nissan and Trust Wallet, with the latter suffering $7 million in losses due to a compromised Chrome extension. Organizations are advised to enhance their cybersecurity measures and ensure timely patching of vulnerabilities.
↪ https://research.checkpoint.com/2025/29th-december-threat-intelligence-report/
Major Cybersecurity Breaches of 2025: Salesforce, Clop, and University Attacks — tl;dr: In 2025, significant cybersecurity incidents included breaches at Salesforce, where third-party integrations were compromised, affecting companies like Cloudflare and TransUnion. The Clop ransomware group exploited a vulnerability in Oracle's E-Business platform, targeting hospitals and universities. High-profile university breaches occurred at the University of Pennsylvania and Harvard, exposing sensitive alumni data. Aflac disclosed a breach impacting 22.65 million customers, while Mixpanel faced a smishing attack linked to Pornhub's data theft. Organizations should enhance their cybersecurity measures, conduct regular audits, and educate employees about phishing threats to mitigate risks.
↪ https://www.wired.com/story/worst-hacks-of-2025/