CVE-2025-14345

🗓️ 09 Dec 2025 15:00:38Reported by mongodbType

Post-authentication flaw in MongoDB cross-shard two-phase commit may cause partial commit and data inconsistency on affected versions.

Reporter	Title	Published	Views	Family All 17
FreeBSD	MongoDB Server -- Improper Locking	9 Dec 202500:00	–	freebsd
CNNVD	MongoDB Server 安全漏洞	9 Dec 202500:00	–	cnnvd
Cvelist	CVE-2025-14345 Cross-Shard Failovers May Lead to Partial Transaction Commit in MongoDB Server	9 Dec 202515:00	–	cvelist
EUVD	EUVD-2025-201945	9 Dec 202518:30	–	euvd
Tenable Nessus	FreeBSD : MongoDB Server -- Improper Locking (c11e0878-d6a8-11f0-8e1b-b42e991fc52e)	11 Dec 202500:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2025-14345	12 Dec 202500:00	–	nessus
MongoDB	Cross-Shard Failovers May Lead to Partial Transaction Commit in MongoDB Server	9 Dec 202515:00	–	mongodb
NVD	CVE-2025-14345	9 Dec 202516:17	–	nvd
OSV	BIT-MONGODB-2025-14345 Cross-Shard Failovers May Lead to Partial Transaction Commit in MongoDB Server	13 May 202608:09	–	osv
OSV	MINI-GWQ3-RMC6-7W29	12 Dec 202513:25	–	osv

NVD

Node

mongodb mongodbRange7.0.0–7.0.26-

mongodb mongodbRange8.0.0–8.0.16-

mongodb mongodbRange8.2.0–8.2.2-

mongodb mongodbMatch8.3.0alpha0-

[
  {
    "defaultStatus": "unaffected",
    "product": "MongoDB Server",
    "vendor": "MongoDB Inc.",
    "versions": [
      {
        "lessThan": "7.0.26",
        "status": "affected",
        "version": "7.0",
        "versionType": "custom"
      },
      {
        "lessThan": "8.0.16",
        "status": "affected",
        "version": "8.0",
        "versionType": "custom"
      },
      {
        "lessThan": "8.2.2",
        "status": "affected",
        "version": "8.2",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
jira	www.jira.mongodb.org/browse/SERVER-106075

11 Dec 2025 16:41Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.14.2 - 5.4

CVSS 42.3

EPSS0.00036

SSVC

CWE-667