At Percona, our mission has always been to provide the community with truly open-source, enterprise-class software. A critical part of that mission is ensuring that when security vulnerabilities arise in the upstream ecosystem, we respond with the urgency and transparency our users expect.
As many in the MongoDB community are now aware, a security vulnerability, CVE-2025-14847, informally known as "Mongobleed", was recently identified in MongoDB Server (Community and Enterprise editions). Today, I'm publishing the information that this vulnerability has also been addressed in Percona Server for MongoDB.
What is Mongobleed?
The vulnerability, discovered by the MongoDB security team on December 12, 2025, affects MongoDB Server and its downstream components, including Percona Server for MongoDB. The Mongobleed vulnerability allows an unauthenticated remote attacker with network access to a mongod or mongos instance to extract fragments of uninitialized server memory, which may contain sensitive data. This vulnerability can only be exploited if both of the following conditions are true:
- The MongoDB server is reachable over the demilitarized or public network, and
- zlib network compression is allowed (default value)
Servers that are not network-reachable (e.g., embedded systems) or do not support zlib compression are not affected by this issue.
We want to be clear: Percona Server for MongoDB (PSMDB) is also affected by this upstream vulnerability. However, fixes for supported versions are available today.
Affected MongoDB Server and Percona Server for MongoDB versions include:
- 8.2.x releases
  - MongoDB Community/Enterprise 8.2.0 through 8.2.2
- 8.0.x releases
  - MongoDB Community/Enterprise 8.0.0 through 8.0.16
  - Percona Server for MongoDB 8.0.4-1 through 8.0.16-5
- 7.0.x releases
  - MongoDB Community/Enterprise 7.0.0 through 7.0.26
  - Percona Server for MongoDB 7.0.2-1 through 7.0.26-14
- 6.0.x releases (EOL)
  - MongoDB Community/Enterprise 6.0.0 through 6.0.26
  - Percona Server for MongoDB 6.0.2-1 through 6.0.25-20
- 5.0.x releases (EOL)
  - MongoDB Community/Enterprise 5.0.0 through 5.0.31
  - Percona Server for MongoDB 5.0.2-1 through 5.0.29-25
- 4.4.x releases (EOL)
  - MongoDB Community/Enterprise 4.4.0 through 4.4.29
  - Percona Server for MongoDB 4.4.0-1 through 4.4.29-28
- 4.2.x and older releases (EOL)
  - All MongoDB Community/Enterprise 4.2, 4.0, and 3.6 versions
  - All Percona Server for MongoDB 4.2, 4.0, and 3.6 versions
Percona's Response and Resolution
Security is a collaborative effort. As soon as the vulnerability was disclosed, our engineering team began the process of integrating, testing, and validating the necessary patches into our builds to ensure they meet Percona's standards for stability and performance. During that time, Percona's core values, customer-first and our commitment to security, have remained steadfast. As a result, we published a remediation and validation procedure in our blog post on December 31, 2025.
Today, we're releasing updated versions of Percona Server for MongoDB, which include a fix for CVE-2025-14847. Our engineers have merged changes from upstream, fixing a buffer length mismatch during decompression. The fix ensures that the server precisely calculates the size of the actual decompressed data, "truncates" the buffer, or only reads exactly that amount. It prevents the server from ever returning the "slack space" (the uninitialized part of the buffer) to the network.
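The length-mismatch pattern described above, as an added illustration in Python (not MongoDB's or Percona's own code): a decompressor that trusts a peer-supplied uncompressed length and returns the whole buffer, beside one that returns only the bytes zlib actually produced. The stale buffer contents and the message are constructed for the example.

```python
import zlib

# Constructed stale contents standing in for memory that a server would have
# left behind in a reused, never-zeroed buffer (assumption for illustration).
STALE_POOL = bytearray(b"STALE secret=hunter2 STALE " * 4)


def decompress_trusting_header(payload: bytes, declared_len: int) -> bytes:
    """Vulnerable pattern: size the buffer from the peer-supplied length and
    hand back the whole buffer, so bytes past the real output are slack."""
    buf = STALE_POOL[:declared_len]           # reused buffer, not cleared
    data = zlib.decompress(payload)
    buf[:len(data)] = data                    # only the first len(data) bytes are fresh
    return bytes(buf)                         # leaks buf[len(data):declared_len]


def decompress_exact(payload: bytes, declared_len: int) -> bytes:
    """Hardened pattern: decompress at most declared_len bytes, require the
    stream to end within that bound, and return only what zlib produced."""
    buf = STALE_POOL[:declared_len]
    d = zlib.decompressobj()
    data = d.decompress(payload, declared_len)   # never write past the buffer
    if not d.eof or d.unconsumed_tail:
        raise ValueError("payload does not fit the declared length")
    buf[:len(data)] = data
    return bytes(buf[:len(data)])                # slack never leaves the function


def demo() -> tuple:
    """Same 5-byte message, sent with an inflated declared length of 40."""
    payload = zlib.compress(b"hello")
    leaky = decompress_trusting_header(payload, 40)
    exact = decompress_exact(payload, 40)
    try:
        decompress_exact(payload, 3)              # declared length too small
        rejected = False
    except ValueError:
        rejected = True
    return leaky, exact, rejected


if __name__ == "__main__":
    leaky, exact, rejected = demo()
    print(len(leaky), "bytes returned by the vulnerable path, slack:", leaky[5:])
    print("hardened path returns:", exact, "| short length rejected:", rejected)
```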
If you're running Percona Server for MongoDB, we strongly recommend upgrading to the following versions (or newer) immediately:
Percona Server for MongoDB 6.0 is already end-of-life (EOL). However, we fully understand the risk this vulnerability poses and are aware that a major upgrade might not be the right option for you at this time. Therefore, we're additionally releasing a patch, 6.0.27-21, on January 12, 2026, despite its EOL status.
Until you patch your Percona Server for MongoDB, we strongly recommend disabling zlib network compression on all affected MongoDB servers as a workaround.
Why Upgrading Matters
While managed services like MongoDB Atlas can automate these updates, users of on-premises or self-managed cloud deployments (the core of the Percona community) must take manual action to secure their environments.
By upgrading to the latest PSMDB releases, you aren't just patching "Mongobleed." You're also benefiting from the latest performance optimizations and bug fixes that Percona provides as part of our commitment to the MongoDB ecosystem.
How can I apply a workaround?
If you can't upgrade to the patched versions immediately, you should definitely apply the workaround.
MongoDB instances negotiate compression in the following order by default: snappy, zstd, then zlib. Since zlib is the final fallback, it's rarely used in practice, so disabling it should have no functional impact for most deployments. If you're unable to immediately patch your Percona Server for MongoDB instances, we strongly recommend applying the mitigation. The full procedure, including verification, was described in our earlier blog post CVE-2025-14847 (MongoBleed) — A High-Severity Memory Leak in MongoDB.
If you have questions or would like assistance validating your configuration, please contact Percona Support.
Our Commitment to Security
The "Mongobleed" incident serves as a reminder that security is a continuous journey. Percona remains committed to:
- Transparency: Communicating clearly about risks and remediation timelines.
- Speed: Delivering patches to the community as quickly as possible following upstream discovery.
- Freedom: Ensuring that those who choose to run their own databases have the same level of security protection as those using proprietary managed services.
Next Steps
The updated builds are available now on our download site and through our standard repositories. Our security experts strongly recommend the following additional steps after patching the vulnerability:
- Rotate all database and application credentials that may have been exposed. The exploit allows unauthenticated attackers to potentially leak sensitive data, including credentials, API keys, and encryption keys, from the server's memory.
- If possible, ensure that your MongoDB instance is not exposed to the public internet, using network segmentation or firewall rules to restrict access to trusted internal networks only.
If you have questions regarding the upgrade process or how this vulnerability might affect your specific configuration, please reach out to us via the Percona Community Forum or contact our support team if you're a Percona customer.
Stay secure. Always.
