Share
## https://sploitus.com/exploit?id=3A839D2A-1E14-5462-BE05-71DC801B2B61
MongoBleed CVE-2025-14847 – Vulnerability Checker

Systemhaus Schulz – Security Tools

A professional-grade security scanner for detecting the
MongoBleed (CVE-2025-14847) memory disclosure vulnerability in MongoDB.

Unlike simple version-based detection, this tool uses a PoC-accurate probing technique that safely reproduces the behavior of the original exploit logic to determine whether a target is actually vulnerable.

No data modification

No authentication required

No destructive behavior

Controlled, read-only probing

The result: real vulnerability confirmation, not guesswork.

⭐ Features

βœ”οΈ PoC-accurate detection logic
βœ”οΈ Truly confirms if memory leakage occurs
βœ”οΈ Works without authentication
βœ”οΈ Supports:

Single target (--host)

IP ranges (--range)

Target lists (--file)

βœ”οΈ JSON output for SIEM / Automation
βœ”οΈ Colored CLI output:

πŸŸ₯ Red – Target is vulnerable

🟩 Green – No leakage detected

🟨 Yellow – Port unreachable

βœ”οΈ Reachability check before scanning
βœ”οΈ Suitable for professional pentesting & audits

πŸ› οΈ Installation
git clone https://github.com/MongoBleed-CVE-2025-14847/mongobleed-checker.git
cd mongobleed-checker
chmod +x mongobleed_check.py


Python 3 is required (tested with 3.9+).

πŸš€ Usage
Scan a single host
python3 mongobleed_check.py --host 192.168.1.10

Scan an IP range
python3 mongobleed_check.py --range 192.168.1.10-192.168.1.50

Scan from a target list

Example targets.txt:

192.168.1.10
db01.internal


Run:

python3 mongobleed_check.py --file targets.txt

JSON output (for SIEM / automation)
python3 mongobleed_check.py --host 192.168.1.10 --json


Example JSON:

{
  "host": "192.168.1.10",
  "port": 27017,
  "reachable": true,
  "vulnerable": true,
  "leaks_count": 3,
  "sample_leaks": ["admin", "token", "session"],
  "attempts": 6,
  "responses": 6
}

πŸ“Œ Result Interpretation
Result	Meaning
πŸŸ₯ VULNERABLE	Memory leak confirmed using PoC logic
🟩 LIKELY NOT VULNERABLE	No leak detected in tested offsets
🟨 Port not reachable	MongoDB not reachable / blocked / offline
🧠 Background – What is MongoBleed?

CVE-2025-14847 (β€œMongoBleed”) is a memory disclosure vulnerability affecting certain MongoDB versions.
By sending specially crafted OP_COMPRESSED / OP_MSG frames, an attacker can trigger the database to return fragments of internal memory, which may contain:

usernames

access tokens

configuration values

other sensitive data residing in memory

This scanner checks exactly that behavior using a safe testing approach.

⚠️ Legal & Ethical Notice

This tool is intended strictly for:

authorized security testing

penetration testing with written permission

research and defense purposes

Do NOT use this tool on systems you do not own or do not have explicit permission to test.
Unauthorized use may violate laws such as:

Computer Fraud and Abuse Act (CFAA)

GDPR

national cyber crime laws

You are responsible for how you use this tool.

πŸ‘¨β€πŸ’» Credits

Original vulnerability research & PoC concept: respective security researchers

Scanner implementation, enhancements & tooling:
Systemhaus Schulz