MongoDB Server Security Update, December 2025
4 months ago
- #Vulnerability
- #MongoDB
- #Security
- MongoDB identified a security vulnerability (CVE-2025-14847) called 'Mongobleed' impacting MongoDB Server.
- The vulnerability was discovered internally, not a breach, and does not affect MongoDB Atlas or its systems.
- Customers are advised to update to the latest patched versions of MongoDB software.
- A detailed timeline from December 12-23, 2025, outlines MongoDB's response, including detection, validation, patching, and communication.
- MongoDB Atlas instances were proactively patched within days, with clear communication to customers.
- Patches were also released for MongoDB Enterprise Advanced and Community Edition users.
- MongoDB emphasizes continuous improvement in security practices and transparency with customers.
- The company remains committed to protecting customer data and maintaining trust.