Share
## https://sploitus.com/exploit?id=3A839D2A-1E14-5462-BE05-71DC801B2B61
MongoBleed CVE-2025-14847 β Vulnerability Checker
Systemhaus Schulz β Security Tools
A professional-grade security scanner for detecting the
MongoBleed (CVE-2025-14847) memory disclosure vulnerability in MongoDB.
Unlike simple version-based detection, this tool uses a PoC-accurate probing technique that safely reproduces the behavior of the original exploit logic to determine whether a target is actually vulnerable.
No data modification
No authentication required
No destructive behavior
Controlled, read-only probing
The result: real vulnerability confirmation, not guesswork.
β Features
βοΈ PoC-accurate detection logic
βοΈ Truly confirms if memory leakage occurs
βοΈ Works without authentication
βοΈ Supports:
Single target (--host)
IP ranges (--range)
Target lists (--file)
βοΈ JSON output for SIEM / Automation
βοΈ Colored CLI output:
π₯ Red β Target is vulnerable
π© Green β No leakage detected
π¨ Yellow β Port unreachable
βοΈ Reachability check before scanning
βοΈ Suitable for professional pentesting & audits
π οΈ Installation
git clone https://github.com/MongoBleed-CVE-2025-14847/mongobleed-checker.git
cd mongobleed-checker
chmod +x mongobleed_check.py
Python 3 is required (tested with 3.9+).
π Usage
Scan a single host
python3 mongobleed_check.py --host 192.168.1.10
Scan an IP range
python3 mongobleed_check.py --range 192.168.1.10-192.168.1.50
Scan from a target list
Example targets.txt:
192.168.1.10
db01.internal
Run:
python3 mongobleed_check.py --file targets.txt
JSON output (for SIEM / automation)
python3 mongobleed_check.py --host 192.168.1.10 --json
Example JSON:
{
"host": "192.168.1.10",
"port": 27017,
"reachable": true,
"vulnerable": true,
"leaks_count": 3,
"sample_leaks": ["admin", "token", "session"],
"attempts": 6,
"responses": 6
}
π Result Interpretation
Result Meaning
π₯ VULNERABLE Memory leak confirmed using PoC logic
π© LIKELY NOT VULNERABLE No leak detected in tested offsets
π¨ Port not reachable MongoDB not reachable / blocked / offline
π§ Background β What is MongoBleed?
CVE-2025-14847 (βMongoBleedβ) is a memory disclosure vulnerability affecting certain MongoDB versions.
By sending specially crafted OP_COMPRESSED / OP_MSG frames, an attacker can trigger the database to return fragments of internal memory, which may contain:
usernames
access tokens
configuration values
other sensitive data residing in memory
This scanner checks exactly that behavior using a safe testing approach.
β οΈ Legal & Ethical Notice
This tool is intended strictly for:
authorized security testing
penetration testing with written permission
research and defense purposes
Do NOT use this tool on systems you do not own or do not have explicit permission to test.
Unauthorized use may violate laws such as:
Computer Fraud and Abuse Act (CFAA)
GDPR
national cyber crime laws
You are responsible for how you use this tool.
π¨βπ» Credits
Original vulnerability research & PoC concept: respective security researchers
Scanner implementation, enhancements & tooling:
Systemhaus Schulz