Important MongoDB patch available

At MongoDB, the security of our users’ data is our highest priority. As part of our proactive security program, we identified a vulnerability impacting the MongoDB Server and have patched all deployments across the Atlas fleet; at this time, we have no evidence that this issue has been exploited or that any customer data has been compromised. For customers self-hosting MongoDB, patched builds are available for all supported versions from 4.4 through 8.0. The vulnerability has been reported as CVE-2025-14847.

All Community Edition users are encouraged to upgrade to the latest version to ensure this patch is applied. You can download all patched Community builds from our download page. Thank you for your continued trust in MongoDB.

3 Likes

It would be great if you could list the affected (or fixed) versions in more detail.

1 Like

My question is why, as an Atlas customer, no one at our company received any information about this. No emails, no banner on the webpage… Nothing.

I only learnt it existed through other people making videos and posts on social media. An 8.7 severity CVE spanning almost 10 years of versions feels like something that should be publicly broadcast, along with the tools to check if you’ve been affected, a comprehensive list of affected versions and how to remediate it… But maybe that’s just me.

1 Like