Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cato CTRL’s Vitaly Simonovich (senior security researcher) has discovered a vulnerability (CVE-2025-64496 with a “High” severity rating of 7.3 out of 10) in Open WebUI in versions 0.6.34 and older. This flaw affects the Direct Connections feature, which lets users connect to external AI model servers (ex: OpenAI’s API). If a threat actor tricks a user into connecting to a malicious server, it can lead to an account takeover attack.

Insecure Direct Object References, commonly referred to as IDORs, remain one of the most common and damaging classes of application vulnerabilities. Despite being well documented and widely understood at a conceptual level, they continue to appear in real production systems, particularly in modern, API-driven applications.

CVE-2025-14847, nicknamed MongoBleed, is a high-severity (CVSS 7.5–8.7) unauthenticated information disclosure vulnerability in MongoDB Server. It allows remote attackers to leak uninitialized heap memory containing sensitive data—such as credentials, API keys, session tokens, and PII—without authentication. Exploitation occurs pre-authentication via malformed zlib-compressed network packets on port 27017.

Zero-day vulnerabilities often attract attention and concern because of their unpredictability. They are, by definition, weaknesses that are unknown to software vendors and therefore have no official fix at the point of discovery. When discovered and exploited by malicious actors, they allow attackers to bypass controls before organisations even realise there is a problem.

On December 19, 2025, MongoDB issued an advisory for CVE-2025-14847, known as “MongoBleed,” a high-severity vulnerability in the server’s zlib-based network compression functionality. This vulnerability affects how the database handles compressed network communications and can cause it to accidentally leak sensitive information from its memory when abused by unauthenticated threat actors. The problem occurs when MongoDB receives a specially crafted message.

A critical vulnerability identified as CVE-2025-14847 (dubbed “MongoBleed“) affects MongoDB Server instances, exposing systems to unauthenticated information disclosure. This vulnerability allows a remote attacker to read sensitive data from the server’s memory without requiring authentication.

A high-severity vulnerability, CVE-2025-14847, affecting MongoDB Server is being actively exploited in the wild with a Bitsight Dynamic Vulnerability Exploit (DVE) score of 9.71. The flaw, commonly referred to as “MongoBleed,” is an unauthenticated memory-read vulnerability caused by improper handling of zlib-compressed network message headers, which may allow attackers to read uninitialized heap memory remotely.