We are aware of reports concerning the MongoBleed vulnerability, which can lead to a critical memory leak and sensitive data extraction in affected MongoDB deployments. Following a detailed review of Cumulocity’s architecture, we confirm that the Cumulocity Cloud and Edge platforms are not affected by this vulnerability.
CVE-ID: CVE-2025-14847
Reference: NVD - CVE-2025-14847
The reported issue is exploitable only when MongoDB instances are directly exposed to external networks. In Cumulocity platforms, MongoDB is not exposed to the internet and is accessible exclusively through trusted internal components. Consequently, this vulnerability does not apply to Cumulocity.
As part of our regular upgrade and maintenance cycle, MongoDB is periodically reviewed and updated to the latest supported stable versions, ensuring continued alignment with security best practices.
We continue to monitor relevant security advisories and assess their applicability to Cumulocity platforms as part of our ongoing security management processes.