MongoBleed Vulnerability (CVE-2025-14847) Exposes MongoDB Instances in Bangladesh

Executive Summary

A nationwide assessment identified 80 internet-exposed MongoDB database instances in Bangladesh that are improperly secured or misconfigured and running versions vulnerable to CVE-2025-14847 (MongoBleed). This critical vulnerability allows unauthenticated remote attackers to leak sensitive data from server memory when zlib compression is enabled. As MongoDB is commonly used to store citizen and customer information, financial records, application credentials and API tokens, as well as logs and operational data, such widespread exposure presents a serious national-level data protection, privacy, and trust risk, with potential consequences for public services, businesses, and digital confidence in Bangladesh.

Vulnerability Details (CVE-2025-14847)

1. Affected software: MongoDB (Community & Enterprise deployments)
2. Vulnerability type: Improper access control / insecure default or misconfiguration. Allows unauthorized remote access to MongoDB instances when exposed to untrusted networks
3. Attack vector: Network (Internet-facing MongoDB service, typically TCP/27017)
4. Authentication required: None or weak / misconfigured
5. Severity: High to Critical (environment-dependent), CVSS v4.0 (Base Score): 8.7 - High
6. Exploitability: Low complexity, widely automated scanning observed globally

Affected Versions

Observed Characteristics

The exposed MongoDB instances in Bangladesh commonly showed:

1. Database services listening on 0.0.0.0:27017
2. Lack of proper bindIp restriction
3. Authentication disabled or weakly enforced
4. No network-level access control (firewall / security group)
5. No TLS encryption
6. Hosting on: Cloud VPS, Local data centers, ISP-provided infrastructure

Download the full Advisory as PDF