In a concerning development, a threat actor has surfaced claiming to possess a Remote Code Execution (RCE) exploit targeting MongoDB systems. According to the actor's statement, the exploit has not been publicly identified and constitutes a zero-day vulnerability in the MongoDB Driver, affecting any site running MongoDB versions up to 6.2. The actor states that they had been developing and refining this exploit since mid-2022 but no longer find it useful. The actor invites interested parties to engage via private message and offers a live demonstration of the exploit on their own server for verification purposes.
According to the actor, once a vulnerable MongoDB host running version 6.2 or lower is identified, a single POST request suffices to execute the exploit, which they present as usable even by inexperienced users. The actor further claims that the exploit was unintentionally patched in MongoDB 6.3 without any public announcement; if the claim is accurate, installations on 6.2 or earlier remain exposed while 6.3 and later are not, which heightens the urgency for organizations to address potential vulnerabilities promptly. The actor sets a starting price of $100,000 and offers to cover escrow expenses, presenting this as a commitment to transparency and mutual trust in the transaction process.