Versions (2)
Version DetailsCurrent
Rev: 1 • Dec 29, 2025, 12:00 PMET EXPLOIT MongoDB Unauthenticated Memory Leak (CVE-2025-14847)
alert tcp any any -> $HOME_NET 27017 (msg:"ET EXPLOIT MongoDB Unauthenticated Memory Leak (CVE-2025-14847)"; flow:established,to_server; flowbits:isnotset,ET.MongoDB_Auth_Attempt; content:"|dc 07 00 00 dd 07 00 00|"; fast_pattern; offset:12; depth:8; content:"|02|"; distance:4; within:1; threshold:type threshold, track by_src, count 10, seconds 120; reference:url,bigdata.2minutestreaming.com/p/mongobleed-explained-simply; reference:cve,2025-14847; classtype:attempted-admin; sid:2066501; rev:1; metadata:affected_product MongoDB, attack_target Server, created_at 2025_12_29, cve CVE_2025_14847, deployment Perimeter, deployment Internal, confidence Low, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_12_29; target:dest_ip;)
Dec 29, 2025, 12:00 PM
Dec 29, 2025, 12:00 PM
Dec 29, 2025, 9:34 PM
Dec 30, 2025, 9:34 PM
rules/emerging-exploit.rules