NetMan Desktop Manager knowledge base


Tags HAN.V5

MongoBleed security vulnerability (CVE-2025-14847) in HAN 5

Although the database used in HAN 5 is affected by the CVE-2025-14847 security vulnerability, the HAN system is not at risk.

HAN 5 uses MongoDB version 3.4, which is officially marked as EOL (end of life). This means that no security fixes are provided for this version by the manufacturer MongoDB.

However, the MongoDB configuration used in HAN ensures that the security vulnerability described in the CVE cannot be exploited. Since HAN 5.1, the database has been configured by default so that it can only be accessed on the server itself. Technically, this means that the database is bound only to the IP address 127.0.0.1 (localhost) and therefore cannot be accessed externally. The security vulnerability described in the CVE, however, can only be exploited via IP communication directly with the database.

The architecture in HAN 5 ensures that all communication from the HAN components to the HAN server takes place via an additional secure HTTPS channel. The additional security methods ensure that only the HAN components can communicate with the database via the HTTPS channel.

In addition, you have the option of deactivating the critical compression algorithm in the database settings themselves.

To do this, open the HAN system settings on the HAN server and select the ‘DB configuration’ option. Click on the button with the three dots in the ‘Configuration’ column:

In the configuration file, please add the two entries ‘compression:’ and ‘compressors: snappy’ to the ‘net’ section, as shown here:

### config net
net:
 port: 27017 # database port to use (default: 27017) - this key is changed with port settings in HH-Systemsettings!
 ipv6: false
 bindIp: localhost
 compression:
  compressors: snappy

Note: The file uses the ‘YAML’ format. This means that the entry ‘compression:’ must be indented by exactly one character, and the entry ‘compressors: snappy’ must be indented by exactly two characters! Tabs or a different number of indentation characters can cause the database to fail to start.

Then save the change and restart the database via HAN system settings to implement the change.
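To check the edited ‘net’ section before restarting, the following added example (not part of HAN or MongoDB) flags tab indentation, a bindIp that is not loopback-only, and a compressors value other than the one set above. The function name check_net_section and the constructed counter-example are assumptions for illustration, and the parser handles only the simple key/value layout shown in this article, not full YAML.

```python
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
ALLOWED_COMPRESSORS = {"snappy"}  # the value this article sets

def check_net_section(text):
    """Return findings for the 'net' section of a mongod YAML config (hypothetical helper)."""
    findings, net, path, in_net = [], {}, [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #", 1)[0].rstrip()          # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue                                   # blank or comment-only line
        lead = line[: len(line) - len(line.lstrip(" \t"))]
        if "\t" in lead:
            findings.append(f"line {no}: tab in indentation")
        if not lead:                                   # top-level key starts a new section
            in_net, path = line.strip() == "net:", []
            continue
        if not in_net:
            continue
        while path and path[-1][0] >= len(lead):       # pop siblings and deeper levels
            path.pop()
        key, _, value = line.strip().partition(":")
        path.append((len(lead), key))
        if value.strip():
            net[".".join(k for _, k in path)] = value.strip()
    for name, allowed in (("bindIp", LOOPBACK),
                          ("compression.compressors", ALLOWED_COMPRESSORS)):
        values = {v.strip() for v in net.get(name, "").split(",") if v.strip()}
        if not values:
            findings.append(f"net.{name} is not set")
        elif not values <= allowed:
            findings.append(f"net.{name} has unexpected value(s): {sorted(values - allowed)}")
    return findings

# The 'net' section as given in this article.
ARTICLE_CONFIG = """### config net
net:
 port: 27017 # database port to use (default: 27017)
 ipv6: false
 bindIp: localhost
 compression:
  compressors: snappy
"""

# Constructed counter-example: extra bind address and an extra compressor.
CONSTRUCTED_BAD = """net:
 bindIp: localhost,192.0.2.10
 compression:
  compressors: snappy,zlib
"""
```

An empty result for the saved file means the section matches the settings described here; the database itself remains the final judge of whether the file parses.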


Article #3868 | 01/05/26 | Markus Libiseller