|
49512 | 49512 | "needs_cleanup": false, |
49513 | 49513 | "actions": [] |
49514 | 49514 | }, |
| 49515 | + "auxiliary_scanner/mongodb/cve_2025_14847_mongobleed": { |
| 49516 | + "name": "MongoDB Memory Disclosure (CVE-2025-14847) - Mongobleed", |
| 49517 | + "fullname": "auxiliary/scanner/mongodb/cve_2025_14847_mongobleed", |
| 49518 | + "aliases": [], |
| 49519 | + "rank": 300, |
| 49520 | + "disclosure_date": "2025-12-19", |
| 49521 | + "type": "auxiliary", |
| 49522 | + "author": [ |
| 49523 | + "Alexander Hagenah", |
| 49524 | + "Diego Ledda", |
| 49525 | + "Joe Desimone" |
| 49526 | + ], |
| 49527 | + "description": "This module exploits a memory disclosure vulnerability in MongoDB's zlib\n decompression handling (CVE-2025-14847). By sending crafted OP_COMPRESSED\n messages with inflated BSON document lengths, the server reads beyond the\n decompressed buffer and returns leaked memory contents in error messages.\n\n The vulnerability allows unauthenticated remote attackers to leak server\n memory which may contain sensitive information such as credentials, session\n tokens, encryption keys, or other application data.", |
| 49528 | + "references": [ |
| 49529 | + "CVE-2025-14847", |
| 49530 | + "URL-https://www.wiz.io/blog/mongobleed-cve-2025-14847-exploited-in-the-wild-mongodb", |
| 49531 | + "URL-https://jira.mongodb.org/browse/SERVER-115508", |
| 49532 | + "URL-https://x.com/dez_" |
| 49533 | + ], |
| 49534 | + "platform": "", |
| 49535 | + "arch": "", |
| 49536 | + "rport": 27017, |
| 49537 | + "autofilter_ports": [], |
| 49538 | + "autofilter_services": [], |
| 49539 | + "targets": null, |
| 49540 | + "mod_time": "2025-12-30 14:34:57 +0000", |
| 49541 | + "path": "/modules/auxiliary/scanner/mongodb/cve_2025_14847_mongobleed.rb", |
| 49542 | + "is_install_path": true, |
| 49543 | + "ref_name": "scanner/mongodb/cve_2025_14847_mongobleed", |
| 49544 | + "check": false, |
| 49545 | + "post_auth": false, |
| 49546 | + "default_credential": false, |
| 49547 | + "notes": { |
| 49548 | + "Stability": [ |
| 49549 | + "crash-safe" |
| 49550 | + ], |
| 49551 | + "SideEffects": [ |
| 49552 | + "ioc-in-logs" |
| 49553 | + ], |
| 49554 | + "Reliability": [ |
| 49555 | + "repeatable-session" |
| 49556 | + ] |
| 49557 | + }, |
| 49558 | + "session_types": false, |
| 49559 | + "needs_cleanup": false, |
| 49560 | + "actions": [] |
| 49561 | + }, |
49515 | 49562 | "auxiliary_scanner/mongodb/mongodb_login": { |
49516 | 49563 | "name": "MongoDB Login Utility", |
49517 | 49564 | "fullname": "auxiliary/scanner/mongodb/mongodb_login", |
|
0 commit comments