NEW YORK, December 29, 2025, 15:18 ET — Regular session
- MongoDB shares fell more than the broader tech sector in afternoon trading.
- A government cyber agency warned of active exploitation of a MongoDB Server memory-leak flaw.
- MongoDB said it has patched its Atlas cloud fleet and urged self-hosted users to upgrade.
MongoDB Inc (MDB) shares were down about 2.2% at $426.35 in afternoon trading on Monday, after swinging between $421.11 and $435.80 earlier in the session.
The decline put a spotlight on a cyber risk that can matter quickly for database providers: patching cadence. When a vulnerability can be exploited without a login, security teams often move to lock down internet exposure before they do anything else.
That urgency can ripple into spending decisions. Enterprises running self-managed databases may delay rollouts or add controls, while vendors face questions about whether cloud-managed fleets were insulated and how fast customers can apply fixes.
The slide in MongoDB also came as the broader market drifted lower. The SPDR S&P 500 ETF was down about 0.3% and the Invesco QQQ Trust tracking the Nasdaq 100 was off about 0.4%, while data- and cloud-linked peers such as Snowflake and Oracle were also lower.
Australia’s Cyber Security Centre issued a critical alert on Monday for CVE-2025-14847, saying the flaw in MongoDB’s zlib compression implementation allows unauthenticated remote exploitation — meaning an attacker does not need valid credentials — and that it was “aware of active global exploitation.” Cyber.gov.au
MongoDB’s own product alerts page lists CVE-2025-14847 with a severity score of 8.7 and says it affects multiple MongoDB Server versions prior to patched releases, including 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32 and 4.4.30.
Tenable said on December 29 that exploitation has been observed and that proof-of-concept code is publicly available, adding that the combination of a public exploit and exposed internet-facing instances increases the likelihood of attackers targeting the flaw.
MongoDB said it has already patched its Atlas fleet — its managed cloud database service — and urged customers running self-hosted deployments to upgrade. “We have no evidence that this issue has been exploited,” Will Kruse wrote in a MongoDB community post dated December 24. MongoDB
For investors, the near-term question is whether the issue stays contained to patching and hardening work, or whether it triggers broader customer scrutiny of database exposure. The fastest-moving signals tend to be follow-on advisories, customer incident reports, and any changes in how quickly organizations apply updates.
Traders are also watching whether the stock can hold above Monday’s session low near $421, which marked the day’s downside test. A rebound toward the $434 area — where shares opened — would suggest the security headlines are being absorbed.
The next scheduled catalyst is earnings season. Zacks expects MongoDB’s next earnings release around March 4, 2026, though the company has not confirmed a date, and investors will be alert for any commentary on security response and customer demand.
