Serial number: AV25-862
Date: December 24, 2025
Updated: December 29, 2025
On December 15, 2025, MongoDB published a security advisory to address a vulnerability in the following products:
- MongoDB – versions 8.2.0 to 8.2.2
- MongoDB – versions 8.0.0 to 8.0.16
- MongoDB – versions 7.0.0 to 7.0.26
- MongoDB – versions 6.0.0 to 6.0.26
- MongoDB – versions 5.0.0 to 5.0.31
- MongoDB – versions 4.4.0 to 4.4.29
- MongoDB Server v4.2 – all versions
- MongoDB Server v4.0 – all versions
- MongoDB Server v3.6 – all versions
Update 1
On December 29, 2025, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-14847 to their Known Exploited Vulnerabilities (KEV) Database.
The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.