Portworx Backup is a Kubernetes-native data protection platform that centrally backs up and restores applications, KubeVirt VMs, and data across any cluster or cloud. It delivers application-consistent, policy-driven backups with granular namespace and label selection so you protect exactly what you need while meeting RPO/RTO requirements. With immutable, object-lock backups for ransomware resilience and self-service restore for DevOps teams, Portworx Backup keeps modern, containerized applications safe, compliant, and always recoverable.
Below is a summary of what’s new in the Portworx Backup 2.10.2 release.
Fixed in Release
-
PB-13813: MongoDB CVE-2025-14847
-
Issue: When zlib decompression is enabled in MongoDB’s network protocol, a heap memory leak vulnerability (CVE-2025-14847) allows unauthenticated attackers to read sensitive server memory contents, including credentials, session tokens, and other confidential data.
-
User Impact: In affected Portworx Backup versions, an unauthenticated attacker with network access to the Portworx Backup–managed MongoDB instance could exploit CVE-2025-14847 to read sensitive data stored in MongoDB.
-
Resolution : Upgrade Portworx Backup to version 2.10.2. This release updates the embedded MongoDB components in Portworx Backup to versions that contain the vendor fix for CVE-2025-14847.
-
Learn more
Documentation and Resources
• What’s New (2.10.2): Portworx Backup Release Notes | Portworx Backup On-Premises Documentation
• Portworx Backup - How to Upgrade: Upgrade Portworx Backup | Portworx Backup On-Premises Documentation
• Portworx Backup - Prerequisites: Install Prerequisites | Portworx Backup On-Premises Documentation
• Portworx Backup - Docs: Portworx Backup Documentation | Portworx Backup On-Premises Documentation
On-behalf of - Portworx Backup Team,
Vijay Nagarajan