<h1>Critical MongoDB CVE: Urgent Data Leak Risk</h1>
<p>Published 2025-12-25 (last modified 2025-12-29) at <a href="https://tamanh.asia/?p=6268">https://tamanh.asia/?p=6268</a>.</p>

<p>A serious security vulnerability, tracked as <strong>CVE-2025-14847</strong>, has been discovered in the MongoDB database platform. It allows an attacker to extract data from uninitialized heap memory on database servers without any authentication.</p>

<p>The core of <strong>CVE-2025-14847</strong> lies in MongoDB's implementation of <strong>zlib</strong> compression, and it affects many versions of the platform. The flaw allows client-side exploitation of MongoDB Server's zlib implementation, potentially exposing sensitive data held in uninitialized heap memory.</p>

<h2 class="wp-block-heading">Detailed Analysis of CVE-2025-14847</h2>

<h3 class="wp-block-heading">Nature and Exploitation Mechanism of the Vulnerability</h3>

<p><strong>CVE-2025-14847</strong> stems from improper memory management in MongoDB's zlib compression implementation. When a request is processed, heap memory is allocated to hold temporary data. After the operation completes, however, that memory may not be properly cleared or overwritten, leaving "stale" data behind.</p>

<p>The exploitation mechanism involves an attacker sending specially crafted requests to the MongoDB server. These requests interact with the zlib compression library in unintended ways. Because of a logic error in how memory is handled or reused, the server may inadvertently respond with blocks of data drawn from uninitialized heap memory. Those blocks contain information left over from earlier operations on the server.</p>

<p>What makes this vulnerability especially dangerous is that it can be exploited without authenticating to the server. This substantially lowers the bar for malicious actors, enabling wide-scale or automated scanning for vulnerable servers. Exploitation requires no access privileges or credentials of any kind, which greatly increases the risk.</p>

<h3 class="wp-block-heading">Affected MongoDB Versions</h3>

<p>This critical vulnerability affects a wide range of MongoDB versions across several major release lines. System administrators and security professionals should pay particular attention to the following versions, which are at high risk of exploitation via <strong>CVE-2025-14847</strong>:</p>

<ul class="wp-block-list">
<li>All MongoDB versions before <strong>8.2.3</strong></li>
<li>All MongoDB versions before <strong>8.0.17</strong></li>
<li>All MongoDB versions before <strong>7.0.28</strong></li>
<li>All MongoDB versions before <strong>6.0.27</strong></li>
<li>All MongoDB versions before <strong>5.0.32</strong></li>
<li>All MongoDB versions before <strong>4.4.30</strong></li>
</ul>

<p>If a system is running any of these versions, upgrading or applying the temporary workaround to address the vulnerability is mandatory.</p>

<h2 class="wp-block-heading">Security Recommendations and Urgent Patch Updates</h2>

<h3 class="wp-block-heading">Patched Versions</h3>

<p>To remediate <strong>CVE-2025-14847</strong>, MongoDB strongly recommends that all organizations immediately upgrade to the following patched versions:</p>

<ul class="wp-block-list">
<li><strong>MongoDB 8.2.3</strong></li>
<li><strong>MongoDB 8.0.17</strong></li>
<li><strong>MongoDB 7.0.28</strong></li>
<li><strong>MongoDB 6.0.27</strong></li>
<li><strong>MongoDB 5.0.32</strong></li>
<li><strong>MongoDB 4.4.30</strong></li>
</ul>

<p>Applying this <strong>security patch</strong> is the top-priority action to protect data and systems from exploitation. These updates contain the necessary fixes to the memory management around zlib compression that close the vulnerability.</p>

<h3 class="wp-block-heading">Temporary Workaround</h3>

<p>For organizations that cannot upgrade immediately, MongoDB provides a temporary workaround to reduce the risk from this vulnerability. It centers on disabling zlib compression, the source of the flaw. Details are available in <a href="https://jira.mongodb.org/browse/SERVER-115508" target="_blank" rel="noreferrer noopener">SERVER-115508 on MongoDB Jira</a>, a reliable source for MongoDB technical issues.</p>

<p>To disable zlib compression, system administrators need to configure <code>mongod</code> or <code>mongos</code> to remove zlib from the <code>networkMessageCompressors</code> (command line) or <code>net.compression.compressors</code> (configuration file) setting. Safer, proven alternatives such as <strong>Snappy</strong> or <strong>Zstd</strong> should be preferred. If there is no particular need for compression, it can be turned off entirely.</p>

<p>Example configuration in <code>mongod.conf</code> or <code>mongos.conf</code>:</p>

<pre class="wp-block-code"><code>
# Disable zlib by listing only the safe compressors;
# the client and server negotiate from this list, so zlib is never selected
net:
  compression:
    compressors: snappy,zstd

# Or turn network compression off entirely
# (the value MongoDB accepts for this is "disabled")
# net:
#   compression:
#     compressors: disabled
</code></pre>

<p>Note that disabling compression may affect network performance and bandwidth, depending on the volume of data transferred and the system's current network configuration. Organizations should assess this impact carefully before applying the workaround.</p>

<h2 class="wp-block-heading">Risk of Sensitive Data Leakage and Its Consequences</h2>

<h3 class="wp-block-heading">Consequences of Heap Memory Exposure</h3>

<p>Exposure of uninitialized heap memory, the direct consequence of <strong>CVE-2025-14847</strong>, can lead to serious <strong>data leakage</strong>. The leaked memory may reveal many kinds of sensitive information:</p>

<ul class="wp-block-list">
<li><strong>Database contents:</strong> Partial or complete records, including users' personal information, financial transactions or proprietary business data, may be exposed.</li>
<li><strong>Encryption keys:</strong> Secret keys, private keys or other critical components of the cryptographic system used by MongoDB or related applications may be extracted, which can invalidate the entire security mechanism.</li>
<li><strong>Configuration data:</strong> System configuration details, service credentials, database connection strings or other sensitive details that could be used to extend the attack.</li>
<li><strong>Other confidential data:</strong> Any information transiently present in the server's memory at the time of exploitation, including data from legitimate users' sessions.</li>
</ul>

<p>Attacks exploiting this vulnerability can cause significant damage, from serious reputational harm to an organization to financial and legal consequences for violating data privacy regulations such as GDPR or CCPA.</p>

<h3 class="wp-block-heading">Prioritizing Information Security</h3>

<p>Security teams should prioritize patching MongoDB installations immediately to prevent potential <strong>data leaks</strong>. A proactive <strong>information security</strong> strategy includes regularly monitoring the latest security advisories, performing periodic vulnerability assessments and maintaining strict patching policies.</p>

<p>Failing to address vulnerabilities such as <strong>CVE-2025-14847</strong> promptly can open the door to sophisticated cyberattacks, causing unpredictable losses to data and business operations. Raising awareness of new threats and implementing protective measures is key to maintaining a secure digital environment.</p>

<p><sup>Source: <a href="https://adsecvn.com/lo-hong-cve-nghiem-trong-mongodb-nguy-co-ro-ri-du-lieu-khan-cap/">https://adsecvn.com/lo-hong-cve-nghiem-trong-mongodb-nguy-co-ro-ri-du-lieu-khan-cap/</a></sup></p>