US among most exposed to MongoBleed intrusions

The U.S. had 14,486 internet-exposed MongoDB servers exposed to the critical MongoBleed bug, tracked as CVE-2025-14847, making it second only to China, according to Security Affairs.

Germany, Hong Kong, and Singapore rounded out the five countries with the most MongoDB servers exposed to ongoing MongoBleed exploitation, data from Resecurity revealed. Additional findings showed that most of the vulnerable MongoDB instances were hosted on Hetzner, Aliyun Computing, DigitalOcean, Contabo, Google, Tencent, Microsoft, and OVH SAS.

"The concentration of vulnerable MongoDB instances on large cloud and hosting providers highlights the risk of misconfiguration at scale. Attackers can rapidly enumerate and target these environments using internet-wide scanning platforms, enabling automated exploitation, data exposure, and service compromise across multiple tenants," said Resecurity researchers.

Such a report comes days after MongoBleed was reported to be exploited by both the Cybersecurity and Infrastructure Security Agency and the Australian Signals Directorate.