Investigate CVE-2025-55182 in new CVE Sherlock

On December 29, 2025, the US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-14847 to its Known Exploited Vulnerabilities (KEV) catalog, and only a few days later, the MangoBleed Sherlock was released.

In HTB’s newest CVE Sherlock, you’ll be tasked with handling a high‑priority incident involving a suspected compromised server hosted on mongodbsync, a secondary MongoDB server.

After receiving root-level access to facilitate your investigation, you’ll perform a rapid triage analysis of the collected artifacts to determine whether the system has been compromised, identify any attacker activity (initial access, persistence, privilege escalation, lateral movement, or data access/exfiltration), and summarize your findings with an initial incident assessment and recommended next steps.