Affected Akamai Hunt customers have already received a detailed mapping of vulnerable assets with actionable mitigation steps. Executive summary On December 19, 2025, a new vulnerability affecting the majority of MongoDB deployments was publicly reported in MongoDB instances. The vulnerability, called MongoBleed, resides in MongoDB’s handling of zlib-compressed messages and allows unauthenticated clients to leak uninitialized heap memory from the database. The CVE has been assigned a CVSSv4 score of 8.7. On December 29, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-14847 to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation. In parallel, Akamai telemetry shows MongoDB communication in approximately 62% of enterprise networks.…