Can someone, please, open a case to SPLUNK for official communication?
I get error after sending a NEW CASE

MONGODB Vulnerability CVE-2025-14847

https://www.mongodb.com/company/blog/news/mongodb-server-security-update-december-2025

SPLUNK ENTERPRISE
9.3.X
9.4.X
10.X.X

/opt/splunk/bin/splunk cmd mongod -version

SECURITY ISSUE

Hi @verbal_666 

Keep an eye on https://advisory.splunk.com/ for any updates regarding this Vuln which will contain details around if/how mitigations should be applied to Splunk. 

We are also due a maintenance update to 9.4.x imminently (10.2 was released last week).

Its also worth raising a support case with Splunk directly to discuss this as they may be able to provide additional information under your contract/NDA with them.

🌟 Did this answer help you? If so, please consider:

• Adding karma to show it was useful
• Marking it as the solution if it resolved your issue
• Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

It will probably be patched in some subsequent release. But the standard disclaimer for all alarm bell ringers applies - verify the scope and exposition surface of your "vulnerabilities". Even if there is an issue with mongodb, normally you shouldn't provide remote access (or even a local one - you don't normally allow users shell access to your Splunk components).

So don't just blindly rush to patch everything just because Nessus or Nexpose flagged something red.