Skip to Content

How did the CVE-2025-14847 MongoDB exploit break the R6 credit economy?

By: Author Alex Lim

Posted on

Categories Cybersecurity

Home » Cybersecurity » How did the CVE-2025-14847 MongoDB exploit break the R6 credit economy?

Why are Rainbow Six Siege servers offline and did hackers steal my data?

Ubisoft has taken Tom Clancy’s Rainbow Six Siege servers offline following a severe security breach detected on Sunday. Threat actors gained administrative-level access to the game’s backend infrastructure. This unauthorized access allowed intruders to manipulate core game settings, issue arbitrary bans to legitimate players, and reverse valid bans on restricted accounts. Additionally, attackers utilized the system to broadcast unauthorized messages directly to the player base.

Economic Impact and Account Security

The breach severely disrupted the in-game economy. Reports confirm that hackers injected massive quantities of premium currency and items into random accounts.

  • Currency Inflation: Players received unauthorized R6 Credits, Renown, and Alpha Packs.
  • Financial Scope: Approximately 2 billion R6 Credits were distributed. Based on the standard pricing model ($99.99 for 15,000 credits), this illicit distribution holds a real-world value of roughly $13.33 million.
  • Account Status: High-profile accounts, including verified streamers and official Ubisoft staff profiles, faced erroneous bans. Ubisoft is currently reviewing these actions to restore legitimate access.

Technical Analysis: The MongoDB Vulnerability

Security researchers attribute this incident to a specific database flaw identified as CVE-2025-14847, colloquially known as “MongoBleed.” This vulnerability affects MongoDB instances, allowing attackers to bypass authentication protocols and execute remote commands.

By exploiting CVE-2025-14847, the attackers bypassed standard perimeter defenses to interact directly with the player database. This explains the specific nature of the exploit, which focused on database-stored values (currency balances) and administrative flags (ban status) rather than gameplay mechanics like aim-assist or wall-hacks.

Current Status and Recovery

Ubisoft officially acknowledged the incident via X (formerly Twitter) on December 27, 2025. The engineering teams initiated an emergency server shutdown to patch the vulnerability and sanitize the database.

“We’re aware of an incident currently affecting Rainbow Six Siege. Our teams are working on a resolution. We will share further updates once available.” — Ubisoft Official Statement

Players should expect extended downtime while engineers roll back the database to a state prior to the currency injection. This rollback is necessary to stabilize the in-game economy and remove the illicitly generated assets.