Third-Party Package Update in Splunk Enterprise - MongoDB CVE-2025-14847
Advisory ID: SVD-2026-0101
CVE ID: CVE-2025-14847
Published: 2026-01-29
Last Update: 2026-01-29
CVSSv3.1 Score: 5.3, Medium
CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE: NA
Bug ID: VULN-56383
Description
Splunk remedied CVE-2025-14847 in MongoDB in Splunk Enterprise versions 10.2.0, 10.0.3, 9.4.8, 9.3.9, 9.2.12, and higher by implementing the workaround recommended by MongoDB. See the following for MongoDB upgrades and patches:
- For Splunk Enterprise 10.2.0, 10.0.3, and 9.4.8 for Linux, Splunk Enterprise upgraded the MongoDB versions to 8.0.10-patch-67e1e610f737760007cfe08b, 7.0.18-patch-694341b1e05e2a0007bc4524, 6.0.27, 5.0.32, and 4.4.30, which include the fix for CVE-2025-14847.
- For Splunk Enterprise 10.2.0, 10.0.3, and 9.4.8 for Windows, Splunk Enterprise upgraded the MongoDB versions to 8.0.17, 7.0.28, 6.0.27, 5.0.32, and 4.4.30.
- For Splunk Enterprise 9.3.9 and 9.2.12 for Linux, Splunk Enterprise upgraded MongoDB to 4.2.17v5-patch-694ad0da1ac2990007ffa5ea, which includes the fix for CVE-2025-14847.
- For Splunk Enterprise 9.3.9 and 9.2.12 for Windows, Splunk Enterprise upgraded MongoDB to 4.2.25-patch-694b30f24454a30007aabc2e, which includes the fix for CVE-2025-14847.
Older MongoDB versions included in Splunk Enterprise are only used for a one‑time migration during major or minor upgrades and are not used during maintenance updates or otherwise.
Other Splunk products including the Splunk Universal Forwarder are not affected.
Solution
Upgrade Splunk Enterprise to versions 10.2.0, 10.0.3, 9.4.8, 9.3.9, 9.2.12, or higher.
Product Status
| Product | Base Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Splunk Enterprise | 10.2 | KV Store | Not affected | 10.2.0 |
| Splunk Enterprise | 10.0 | KV Store | 10.0.0 to 10.0.2 | 10.0.3 |
| Splunk Enterprise | 9.4 | KV Store | 9.4.0 to 9.4.7 | 9.4.8 |
| Splunk Enterprise | 9.3 | KV Store | 9.3.0 to 9.3.8 | 9.3.9 |
| Splunk Enterprise | 9.2 | KV Store | 9.2.0 to 9.2.11 | 9.2.12 |
Mitigations and Workarounds
As a potential mitigation, disable the App Key Value Store (KV Store) on indexers or heavy forwarders, and on any installation that does not have any local apps or local lookups that use the KV Store. See Splunk help for more information.
Detections
None
Severity
Splunk rated the vulnerability as Medium, 5.3, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.
Splunk Enterprise’s use of MongoDB is limited to the KV Store and KV Store lookups. See Splunk Help for more information on how apps might use the KV Store.