
Security Advisory: MongoDB Network Compression Vulnerability CVE-2025-14847

We are responding to a reported MongoDB network compression–related vulnerability (CVE-2025-14847) that affects certain MongoDB versions. MongoDB has addressed this issue in newer releases. 

Based on our initial assessment, the likelihood of exploitation is low in typical FileCloud deployments. However, remediation or mitigation is recommended as a security best practice.

A more in-depth assessment is currently ongoing, and this article will be updated as it progresses.

FileCloud Online Customers 

The mitigation for online customers is being applied today, December 30th, 2025.

Linux Customers 

Recommended: Upgrade MongoDB 

For Linux customers using FileCloud Online Repository Edition, upgrading MongoDB to 7.0.28 or 6.0.27 (depending on the FileCloud installation) is the recommended approach.

FileCloud ships and maintains the MongoDB repository as part of the Online Repository Edition, allowing MongoDB to be upgraded safely using standard OS package management tools. 

Upgrade Steps 

  • Take a backup or snapshot 
    • Ensure MongoDB data directories are backed up. 
    • For clustered environments, follow MongoDB’s recommended snapshot or rolling upgrade approach. 
  • Upgrade MongoDB packages 
    • On RHEL: 
      yum update mongodb-org 
    • On Ubuntu: 
      apt-get install --only-upgrade mongodb-org 
  • Restart MongoDB
    • systemctl restart mongod 
  • Verify MongoDB version
    • mongod --version

MongoDB has already patched this vulnerability in the latest patch release, and the update can be applied safely. 

Linux Customers Unable to Upgrade – Interim Mitigation 

For Linux environments where an upgrade is not immediately possible, an interim mitigation can be applied at the service level.

This mitigation disables zlib network compression by explicitly defining the allowed network compressors at MongoDB startup. 

Mitigation Method (Service-Level) 

The MongoDB service is typically managed via systemd and uses the following files: 

  • Service file: /usr/lib/systemd/system/mongod.service or /etc/systemd/system/mongod.service
  • Configuration file (already present): /etc/mongod.conf

Steps to Apply the Mitigation 

  • Edit the MongoDB systemd service
    • systemctl edit mongod
  • Override the ExecStart command
    • Add the following override:
      [Service]
      ExecStart=/usr/bin/mongod --config /etc/mongod.conf --networkMessageCompressors snappy,zstd
    • Ensure the mongod binary path matches your system (which mongod can be used to verify).
  • Reload systemd configuration
    • systemctl daemon-reexec
    • systemctl daemon-reload
  • Restart MongoDB
    • systemctl restart mongod
  • Verify MongoDB is running
    • systemctl status mongod

Windows Customers 

For Windows customers, an interim mitigation is recommended until a future FileCloud release includes the patched MongoDB version. 

On Windows, this mitigation must be applied at the service level, not via MongoDB configuration files. 

Mitigation Details 

The MongoDB service is registered as MongoDB in the Windows system registry. The service command must be updated to explicitly disable zlib compression. 

The service startup command should be set as follows (adjust paths if required): 

C:\xampp\mongodb\bin\mongod.exe --config C:\xampp\mongodb\bin\mongodb.conf --service --networkMessageCompressors snappy,zstd 

Steps to Apply the Mitigation 

  1. Open Registry Editor (regedit) with administrative privileges. 
  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MongoDB
  3. Locate the ImagePath value. 
  4. Update the value to include the full service command shown above. 
  5. Save the changes and close the Registry Editor. 
  6. Restart the MongoDB service. 

This mitigation effectively disables zlib compression and reduces exposure until the patched MongoDB version is available.
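The following helpers are an added example for verifying the Linux and Windows mitigations above; they are not FileCloud's or MongoDB's code. They check that a service command line (the systemd ExecStart or the Windows ImagePath) excludes zlib from --networkMessageCompressors, compare a reported version with the fixed releases this advisory names (6.0.27 and 7.0.28), and print a systemd drop-in that clears the original ExecStart before replacing it, which systemd requires for non-oneshot services. The sample command lines and versions are constructed.

```shell
#!/bin/sh
# Added verification helpers (not FileCloud's or MongoDB's own code) for the
# zlib mitigation: inspect a mongod command line, check a version, and
# render a systemd drop-in. Sample inputs below are constructed.

# compressors_ok CMDLINE -> 0 only if --networkMessageCompressors is set
# explicitly and its list does not contain zlib. An unset option fails,
# because MongoDB's default compressor list includes zlib.
compressors_ok() {
    list=$(printf '%s\n' "$1" | sed -n 's/.*--networkMessageCompressors[= ]\([^ ]*\).*/\1/p')
    [ -n "$list" ] || return 1
    case ",$list," in
        *,zlib,*) return 1 ;;
        *)        return 0 ;;
    esac
}

# version_fixed VERSION -> 0 if VERSION (e.g. "v7.0.28" as printed by
# `mongod --version`) is at or above the fixed release on its line. Other
# lines return 1 because this advisory gives no fixed version for them.
version_fixed() {
    v=${1#v}
    major=${v%%.*}; rest=${v#*.}; minor=${rest%%.*}; patch=${rest#*.}
    patch=${patch%%[!0-9]*}; patch=${patch:-0}
    case "$major.$minor" in
        6.0) min=27 ;;
        7.0) min=28 ;;
        *)   return 1 ;;
    esac
    [ "$patch" -ge "$min" ]
}

# dropin_content BINARY -> prints the override for `systemctl edit mongod`.
# The empty ExecStart= line clears the packaged value; systemd refuses a
# second ExecStart= for a non-oneshot service unless it is cleared first.
dropin_content() {
    printf '[Service]\nExecStart=\nExecStart=%s --config /etc/mongod.conf --networkMessageCompressors snappy,zstd\n' "$1"
}

# Constructed samples: the override from this advisory and an unmitigated
# default. Live values come from
#   systemctl show mongod -p ExecStart --value                            (Linux)
#   reg query HKLM\SYSTEM\CurrentControlSet\Services\MongoDB /v ImagePath (Windows)
for cmd in '/usr/bin/mongod --config /etc/mongod.conf --networkMessageCompressors snappy,zstd' \
           '/usr/bin/mongod --config /etc/mongod.conf'; do
    if compressors_ok "$cmd"; then echo "zlib disabled: $cmd"; else echo "zlib ALLOWED : $cmd"; fi
done
for ver in v7.0.28 v6.0.26; do
    if version_fixed "$ver"; then echo "$ver: patched"; else echo "$ver: upgrade"; fi
done
```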