## https://sploitus.com/exploit?id=7B7B932B-80D2-5E18-BA6C-85881C949AC0
# Mongobleed (CVE-2025-14847) – Go Proof of Concept
This repository contains a Go proof-of-concept exploit for **CVE-2025-14847**, a MongoDB memory disclosure vulnerability commonly referred to as **Mongobleed**.
This PoC is a Go reimplementation of the original Python exploit by **Joe Desimone**, available here:
https://github.com/joe-desimone/mongobleed
The exploit abuses a zlib decompression and BSON parsing flaw to leak uninitialized memory from a vulnerable MongoDB server.
Read the blog post - https://saereya.github.io/posts/mongobleed-cve-2025-14847/
## Vulnerability Overview
**CVE-2025-14847** is caused by improper handling of compressed `OP_MSG` messages in MongoDB. By crafting a malformed BSON document with an inflated document length and wrapping it in an `OP_COMPRESSED` message, the server may read beyond the bounds of the decompressed buffer.
This can cause MongoDB to interpret leftover memory as BSON field names, which are then reflected back in error messages. Repeating this process across varying offsets can leak fragments of server memory.
## Exploit Technique
This PoC:
- Crafts a minimal BSON document with a falsified document length
- Compresses it using zlib
- Wraps it in an `OP_COMPRESSED` MongoDB wire protocol message
- Sends it directly over TCP without authentication
- Parses error responses for leaked memory fragments
Leaked data is extracted from error strings such as:
- `field name '...'`
- `type `
## Affected Versions
This vulnerability affects specific MongoDB versions prior to the official patch.
Refer to MongoDB security advisories for exact version ranges.
## Usage
Build:
```bash
go build -o mongobleed
```
Run:
```bash
./mongobleed --host --port 27017
```
Optional flags:
--min-offset: Starting BSON document length (default: 20)
--max-offset: Ending BSON document length (default: 8192)
## Output:
```bash
[*] MongoBleed - CVE-2025-14847
[*] Targetting localhost:27017
[*] Offset: 20 -> 8192
[+] offset= 117 len= 51: ssions^\u0001f\bD\\��A6�;7\u0003��V%\u0019\u001a9ip
[+] offset= 119 len= 51: ssions^\u0001f\bD\\��A6�;7\u0003��V%\u0019\u001a9ip
[+] offset= 120 len= 51: ssions^\u0001f\bD\\��A6�;7\u0003��V%\u0019\u001a9ip
[+] offset= 121 len= 51: ssions^\u0001f\bD\\��A6�;7\u0003��V%\u0019\u001a9ip
```
## Disclaimer
This code is provided for educational and research purposes only.
Do not run this tool against systems you do not own or have explicit permission to test.
Unauthorized use may be illegal and unethical.
## Credits
- Original Python Exploit:
- Joe Desimone https://github.com/joe-desimone/mongobleed