Solventum Security Update: MongoDB "MongoBleed" (CVE-2025-14847)
Summary
MongoDB recently disclosed a critical vulnerability known as MongoBleed (CVE-2025-14847). This issue can allow an unauthenticated attacker to read fragments of server memory when zlib compression is enabled. Exploit code was released publicly on December 26, and active attacks have been observed in the industry.
Solventum is actively assessing impact across our entire portfolio and has taken immediate steps to protect systems where MongoDB is used.
Key points:
- No compromise or exploitation has been detected in Solventum products or services.
- We have applied fixes to impacted components and will continue monitoring for any changes.
- Broader portfolio review is underway to confirm no additional exposure.
Products Impacted and Actions Taken

| Product / Component | Exposure | Action Taken | Next Steps |
| --- | --- | --- | --- |
| 360 Encompass - Connexion Integrator (Remote Agent) | Internal only, requires elevated access | Patch completed; remote deployment available via Gateway Management UI | ISA team coordinating updates where remote patching isn't feasible |
What We Need From You
- No immediate action required unless contacted by the ISA team for coordination.
Our Commitment
We are treating MongoBleed as a top priority and will continue to provide updates as remediation progresses. If you have questions or need details for your environment, please reach out to the Solventum Security team.