Outage in Aptible

CVE-2025-14847: MongoDB unauthenticated information leak

Resolved Minor
December 29, 2025 - Started 1 day ago - Lasted about 15 hours

Incident Report

The Aptible Security Team is aware of the recently disclosed vulnerability CVE-2025-14847 (https://github.com/advisories/GHSA-4742-mr57-2r9j) affecting all MongoDB versions. The vulnerability could allow an attacker with network access to a MongoDB database to exfiltrate data, including sensitive data and/or credentials, without authenticating to the database.

In response to the vulnerability, we have updated our supported MongoDB versions to prevent exploitation of this vulnerability. In addition, we have proactively restarted databases matching either of the following criteria, to ensure they are running on the latest protected versions:

* All databases in shared-tenancy stacks, and
* All databases with customer-created public endpoints that do not have access restricted to an IP allow list

Since Aptible databases run on private networks by default, most Aptible-managed MongoDB databases are not accessible from the internet or by other Aptible customers, and so are not vulnerable to CVE-2025-14847. As such, we did not proactively restart these databases. Customers may restart their databases at any time to update to the latest protected versions.

Components affected
Aptible Deploy

Latest Updates (sorted recent to last)

RESOLVED about 21 hours ago - at 12/30/2025 05:15PM

This incident has been resolved.

MONITORING 1 day ago - at 12/30/2025 02:14AM

The Aptible Security Team is aware of the recently disclosed vulnerability CVE-2025-14847 (https://github.com/advisories/GHSA-4742-mr57-2r9j) affecting all MongoDB versions. The vulnerability could allow an attacker with network access to a MongoDB database to exfiltrate data, including sensitive data and/or credentials, without authenticating to the database.

In response to the vulnerability, we have updated our supported MongoDB versions to prevent exploitation of this vulnerability. In addition, we have proactively restarted databases matching either of the following criteria, to ensure they are running on the latest protected versions:

* All databases in shared-tenancy stacks, and
* All databases with customer-created public endpoints that do not have access restricted to an IP allow list

Since Aptible databases run on private networks by default, most Aptible-managed MongoDB databases are not accessible from the internet or by other Aptible customers, and so are not vulnerable to CVE-2025-14847. As such, we did not proactively restart these databases. Customers may restart their databases at any time to update to the latest protected versions.