Security-related information:
Impact of vulnerability CVE-2025-14847 on our products
A security vulnerability called “MongoBleed” (CVE-2025-14847) has been identified. We would like to take this opportunity to inform you about the vulnerability and its implications.
I. Summary of the security vulnerability
This vulnerability, known as “MongoBleed”, is a vulnerability in MongoDB where improper handling of zlib compressed messages allows unauthenticated attackers to read uninitialized server memory. By sending a specially crafted compressed packet into MongoDB, an attacker can trigger the database to allocate an oversized buffer and accidentally reveal sensitive information such as passwords, API keys, and session tokens, then the attacker can access contents in the database. The issue is actively exploited with PoC code and has been added to CISA’s Known Exploited Vulnerabilities Catalog on Dec 29, 2025.
II. Impact on our products
No products from TA Triumph-Adler and UTAX are affected by this vulnerability.
MongoDB, the affected database software, is not used in our products, with the exception of “TA/UTAX Cloud Print and Scan”. “TA/UTAX Cloud Print and Scan” uses “MongoDB Atlas”, the managed MongoDB service. And the maintenance team applied the security patch updates to this managed service prior to the public disclosure of the vulnerability. For more information, please refer to the following official MongoDB advisory: MongoDB Server Security Update, December 2025 | MongoDB.
MongoDB, the affected database software, is not used in our products, with the exception of “TA/UTAX Cloud Print and Scan”. “TA/UTAX Cloud Print and Scan” uses “MongoDB Atlas”, the managed MongoDB service. And the maintenance team applied the security patch updates to this managed service prior to the public disclosure of the vulnerability. For more information, please refer to the following official MongoDB advisory: MongoDB Server Security Update, December 2025 | MongoDB.