The Aptible Security Team is aware of the recently disclosed vulnerability CVE-2025-14847 (https://github.com/advisories/GHSA-4742-mr57-2r9j) affected all MongoDB versions. The vulnerability could allow an attacker with network access to a MongoDB database to exfiltrate data, including sensitive data and/or credentials, without authenticating to the database.
In response to the vulnerability, we have updated our supported MongoDB versions to prevent exploitations of this vulnerability. In addition, we have proactively restarted databases matching either of the following criteria, to ensure they are running on the latest protected versions:
* All databases in shared-tenancy stacks, and * All databases with customer-created public endpoints that do not have access restricted to an IP allow list
Since Aptible databases run on private networks by default, most Aptible managed MongoDB databases are not accessible from the internet or by other Aptible customers, and so are not vulnerable to CVE-2025-14847. As such, we did not proactively restart these databases. Customers may restart their databases at any time to update to the latest protected versions.