Chameleon.io incident

Chameleon not vulnerable to MongoBleed - CVE-2025-14847

Notice Resolved View vendor source →

Chameleon.io experienced a notice incident on December 29, 2025, lasting —. The incident has been resolved; the full update timeline is below.

Started
Dec 29, 2025, 01:00 PM UTC
Resolved
Dec 29, 2025, 01:00 PM UTC
Duration
Detected by Pingoru
Dec 29, 2025, 01:00 PM UTC

Update timeline

  1. resolved Dec 29, 2025, 02:04 PM UTC

    Chameleon is not and was not not affected by the recently disclosed MongoDB vulnerability CVE-2025-14847 (aka. MongoBleed). It allows attackers to read arbitrary data from the database's heap memory. Chameleon's MongoDB instances are not publicly accessible and are also hosted with MongoDB Atlas which means they were patched before disclosure. We will, however, keep up to date on any developments from this incident