Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 20.04 MongoDB Information Exposure Threat USN-8160-1 CVE-2025-14847

ubuntu
Calendar Grey April 10, 2026
Dist Ubuntu Esm H88
MongoDB on Ubuntu could leak sensitive information via unprotected network exposure. Update now for security.
MongoDB could be made to expose sensitive information over the network.

Summary

MongoDB could be made to expose sensitive information over the

network.

Software Description:

- mongodb: object/document-oriented database

Details:

It was discovered that MongoDB incorrectly handled length parameters

in zlib-compressed network messages prior to authentication. An

unauthenticated remote attacker could possibly use this issue to

cause MongoDB to allocate an oversized memory buffer, resulting

in the exposure of sensitive information.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  mongodb                         1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1
                                  Available with Ubuntu Pro
  mongodb-clients                 1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1
                                  Available with Ubuntu Pro
  mongodb-server                  1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1
                                  Available with Ubuntu Pro
  mongodb-server-core             1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  mongodb                         1:3.6.3-0ubuntu1.4+esm2
                                  Available with Ubuntu Pro
  mongodb-clients                 1:3.6.3-0ubuntu1.4+esm2
                                  Available with Ubuntu Pro
  mongodb-server                  1:3.6.3-0ubuntu1.4+esm2
                                  Available with Ubuntu Pro
  mongodb-server-core             1:3.6.3-0ubuntu1.4+esm2
                                  Available with Ubuntu Pro

After a standard system update you need to restart the mongodb
service to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8160-1

CVE-2025-14847

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8160-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here