MongoDB CVE-2025-14847

[libpoet1312]

Hello all.

rocketchat by default uses bitnamilegacy/mongodb docker image.

There was a CVE discovered about ALL mongodb versions:

• https://www.cve.org/CVERecord?id=CVE-2025-14847
• https://www.mongodb.com/company/blog/news/mongodb-server-security-update-december-2025

Will you proceed in updating anything in your helm chart or should we move to an external mongodb instance?

[PrashamJain1318]

Hello @libpoet1312,

Thank you for bringing this critical security vulnerability to the team's attention. CVE-2025-14847 is a serious issue that affects all MongoDB versions and needs immediate attention.

I'm interested in contributing to the resolution of this issue. Here are some potential approaches we could consider:

Proposed Solutions:

1. Update to Bitnami MongoDB with patched version: Check if newer versions of the bitnamilegacy/mongodb image include security patches for this CVE

2. Document MongoDB version recommendations: Add clear documentation about which MongoDB versions are affected and recommended versions to use

3. Add support for external MongoDB instances: Enhance the helm chart to make it easier for users to configure external MongoDB instances

4. Create migration guide: Provide step-by-step documentation for migrating from embedded MongoDB to external instances

My experience:

• Kubernetes/Helm deployment and version management
• Security vulnerability assessment and patching
• Database migration and configuration management
• CI/CD pipeline automation

Next Steps:

I'd like to:

1. Research the latest patched MongoDB versions available
2. Check Bitnami's MongoDB image repository for available patch versions
3. Propose implementation changes to the helm chart values
4. Create a pull request with the necessary updates

Could you please assign this issue to me? I'm ready to start working on a solution immediately.

Thank you!