The ProfileUnity MongoDB instance is not directly accessible by ProfileUnity clients; access is limited to ProfileUnity backend services over TLS using certificate-based authentication and network controls. As a result, untrusted client input does not reach the database directly, significantly mitigating the exploitability of CVE-2025-14847.
NOTE: At this time an upgrade to 7.0.28 would not be supported.
An updated MongoDB installer for ProfileUnity will be available within the next month.
Follow the hotfix KB to be alerted to the release - https://support.liquidware.com/hc/en-us/articles/360033876051-ProfileUnity-Hot-Fix-List.
Currently MongoDB 7.0.23 is supported by ProfileUnity 6.8.7 Console versions and is available on the HotFix page.
https://support.liquidware.com/hc/en-us/articles/360033876051-ProfileUnity-Hot-Fix-List
- Applies to all 6.8.7 Console versions; R1, R1 HF1-HF3, R2 and R2 HF1-HF2
- This will also upgrade 6.8.6 and older versions to MongoDB 5.0.31