[TencentDB for MongoDB] Risk Analysis and Fixing Recommendations for MongoDB Security Vulnerability CVE-2025-14847
2026-01-12 18:34:02

Dear Tencent Cloud user:

Recently, Tencent Cloud observed that MongoDB published an official security advisory disclosing a high-risk vulnerability identified as CVE-2025-14847. To ensure the security of your data, Tencent Cloud recommends that you review this vulnerability and take appropriate measures promptly.


Vulnerability Details

This vulnerability resides within the network request processing logic of MongoDB Server. When the server has Zlib compression enabled for network transmission, a flaw in buffer management during decompression can be exploited by unauthenticated attackers to read data from MongoDB's memory. This potentially causes the leakage of uninitialized in-memory data fragments.

  • Risk level: critical.
  • Primary impact: information disclosure (leakage of sensitive in-memory data).
  • Exploitation prerequisites: Attackers can launch attacks without authentication. The risk is significantly heightened if the port (default port number: 27017) of your database instance is exposed to the public network and no strict security policy is set.


Affected Scope

This vulnerability affects all minor versions of mainstream major MongoDB versions from 4.2 to 8.0 that were released before December 30, 2025. If your instance was created before this date and its current version falls within the range of "Affected Minor Version" listed below, your instance faces a security risk.


Fixing Recommendations

The TencentDB for MongoDB team has released patched versions to address this vulnerability. To ensure the security of your business, check your instance version against the table below and upgrade the minor version to a suitable secure version as soon as possible by referring to Version Upgrade.


Major Version | Affected Minor Version           | Recommended Secure Version
8.0           | WT.80.12.0                       | WT.80.12.1
7.0           | WT.70.12.4 and earlier versions  | WT.70.12.5
6.0           | WT.60.5.3 and earlier versions   | WT.60.5.4
5.0           | WT.50.12.9 and earlier versions  | WT.50.12.10
4.4           | WT.44.13.10 and earlier versions | WT.44.13.11
4.2           | WT.42.11.20 and earlier versions | WT.42.11.21
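
The version check described above can be scripted across an instance inventory. The following is an added example, not Tencent Cloud's own tooling: the function names, status labels and instance IDs are assumptions, and only the table rows come from this notice. It compares the version fields as numbers, because a plain string comparison sorts WT.50.12.10 before WT.50.12.9 and would report a patched 5.0 instance as affected.

```python
import re

# Rows copied from the table in this notice:
# major -> (affected minor, row says "and earlier versions", secure version)
ADVISORY = {
    "8.0": ("WT.80.12.0", False, "WT.80.12.1"),
    "7.0": ("WT.70.12.4", True, "WT.70.12.5"),
    "6.0": ("WT.60.5.3", True, "WT.60.5.4"),
    "5.0": ("WT.50.12.9", True, "WT.50.12.10"),
    "4.4": ("WT.44.13.10", True, "WT.44.13.11"),
    "4.2": ("WT.42.11.20", True, "WT.42.11.21"),
}
_MINOR = re.compile(r"WT\.(\d+)\.(\d+)\.(\d+)")

def parse_minor(text):
    """Turn 'WT.50.12.10' into (50, 12, 10) so fields compare as numbers."""
    m = _MINOR.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unrecognised minor version: {text!r}")
    return tuple(int(g) for g in m.groups())

def assess(major, minor):
    """Return (status, recommended secure version or None) for one instance."""
    if major not in ADVISORY:
        return ("not-in-table", None)
    affected, and_earlier, secure = ADVISORY[major]
    try:
        have = parse_minor(minor)
    except ValueError:
        return ("unparseable", secure)
    if have[0] != parse_minor(affected)[0]:
        return ("major-mismatch", secure)  # e.g. a WT.70.* string filed under 6.0
    if have >= parse_minor(secure):
        return ("patched", None)
    if have == parse_minor(affected) or and_earlier:
        return ("upgrade", secure)
    return ("not-listed", secure)  # the 8.0 row names only WT.80.12.0

# Constructed inventory (hypothetical IDs): (instance id, major, minor version).
INVENTORY = [
    ("cmgo-example-a", "5.0", "WT.50.12.9"),
    ("cmgo-example-b", "5.0", "WT.50.12.10"),
    ("cmgo-example-c", "8.0", "WT.80.12.0"),
    ("cmgo-example-d", "4.4", "WT.44.9.2"),
]

if __name__ == "__main__":
    for name, major, minor in INVENTORY:
        print(name, major, minor, *assess(major, minor))
```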

If you encounter any issues during the upgrade process, please feel free to submit a ticket.

Thank you for your support and trust in Tencent Cloud.


TencentDB Team
