Everything you need to know about MongoBleed (CVE-2025-14847)


 

MongoBleed (CVE-2025-14847) has been described as “the vulnerability of the year.” In this article, find out what it is, why it’s dangerous, and whether (and when) you should care about it. But first, some context.

Back in April 2014, researchers at Google discovered a vulnerability in the TLS extension ‘Heartbeat’. The vulnerability came about because, at the time, OpenSSL never properly checked the length of the data a request asked for. Attackers could therefore craft requests that harvested personal data. The vulnerability picked up the quite appropriate moniker ‘Heartbleed’.
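The missing length check described above, as an added example (not OpenSSL's code and not from the original article): a simplified heartbeat handler in C, once trusting the length field in the message and once validating it against the bytes actually received. The function names, the 64-byte receive buffer and the sample record are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
#define HB_REQUEST 1
#define HB_RESPONSE 2
#define HB_HDR 3      /* type (1 byte) + payload_length (2 bytes) */
#define HB_MIN_PAD 16 /* minimum padding after the payload (RFC 6520) */

/* Echo `claimed` payload bytes back; response padding omitted for brevity. */
static long hb_echo(const uint8_t *buf, size_t claimed, uint8_t *out, size_t out_cap) {
    if (HB_HDR + claimed > out_cap) return -1;
    out[0] = HB_RESPONSE; out[1] = buf[1]; out[2] = buf[2];
    memcpy(out + HB_HDR, buf + HB_HDR, claimed);
    return (long)(HB_HDR + claimed);
}

/* Unchecked: the length field is trusted and never compared with the record
 * length. Bounded by buf_cap here so the demo itself stays memory-safe. */
long hb_reply_unchecked(const uint8_t *buf, size_t buf_cap, uint8_t *out, size_t out_cap) {
    if (buf_cap < HB_HDR || buf[0] != HB_REQUEST) return -1;
    size_t claimed = ((size_t)buf[1] << 8) | buf[2];
    if (HB_HDR + claimed > buf_cap) return -1;
    return hb_echo(buf, claimed, out, out_cap);
}

/* Checked: header + claimed payload + padding must fit in the bytes actually
 * received (rec_len); otherwise the message is discarded. */
long hb_reply_checked(const uint8_t *buf, size_t rec_len, uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HDR + HB_MIN_PAD || buf[0] != HB_REQUEST) return -1;
    size_t claimed = ((size_t)buf[1] << 8) | buf[2];
    if (HB_HDR + claimed + HB_MIN_PAD > rec_len) return -1;
    return hb_echo(buf, claimed, out, out_cap);
}

/* Constructed demo: a reused 64-byte buffer holds stale 'S' bytes behind a 23-byte
 * record ("ping"). Returns the stale bytes in the reply, or -1 if discarded. */
long demo_stale_bytes(int checked, uint16_t claimed) {
    uint8_t rx[64], out[64];
    const size_t rec_len = HB_HDR + 4 + HB_MIN_PAD;
    memset(rx, 'S', sizeof rx);   /* leftover data from earlier traffic */
    memset(rx, 0, rec_len);       /* the new record overwrites the front */
    rx[0] = HB_REQUEST; rx[1] = (uint8_t)(claimed >> 8); rx[2] = (uint8_t)claimed;
    memcpy(rx + HB_HDR, "ping", 4);
    long n = checked ? hb_reply_checked(rx, rec_len, out, sizeof out)
                     : hb_reply_unchecked(rx, sizeof rx, out, sizeof out);
    long stale = 0;
    for (long i = HB_HDR; i < n; i++) stale += (out[i] == 'S');
    return n < 0 ? -1 : stale;
}
```

With a 4-byte payload and a claimed length of 40, the unchecked handler returns 20 bytes that were never part of the request, while the checked handler drops the message.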

Heartbleed was dangerous because it focused on leaked memory