CVE-2025-14345 Cross-Shard Failovers May Lead to Partial Transaction Commit in MongoDB Server

🗓️ 09 Dec 2025 15:00:38Reported by mongodbType

Post-authentication cross-shard two-phase commit flaw may cause partial commits and data inconsistency across shards.

Reporter	Title	Published	Views	Family All 17
FreeBSD	MongoDB Server -- Improper Locking	9 Dec 202500:00	–	freebsd
CNNVD	MongoDB Server 安全漏洞	9 Dec 202500:00	–	cnnvd
CVE	CVE-2025-14345	9 Dec 202515:00	–	cve
EUVD	EUVD-2025-201945	9 Dec 202518:30	–	euvd
Tenable Nessus	FreeBSD : MongoDB Server -- Improper Locking (c11e0878-d6a8-11f0-8e1b-b42e991fc52e)	11 Dec 202500:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2025-14345	12 Dec 202500:00	–	nessus
MongoDB	Cross-Shard Failovers May Lead to Partial Transaction Commit in MongoDB Server	9 Dec 202515:00	–	mongodb
NVD	CVE-2025-14345	9 Dec 202516:17	–	nvd
OSV	BIT-MONGODB-2025-14345 Cross-Shard Failovers May Lead to Partial Transaction Commit in MongoDB Server	13 May 202608:09	–	osv
OSV	MINI-GWQ3-RMC6-7W29	12 Dec 202513:25	–	osv

[
  {
    "defaultStatus": "unaffected",
    "product": "MongoDB Server",
    "vendor": "MongoDB Inc.",
    "versions": [
      {
        "lessThan": "7.0.26",
        "status": "affected",
        "version": "7.0",
        "versionType": "custom"
      },
      {
        "lessThan": "8.0.16",
        "status": "affected",
        "version": "8.0",
        "versionType": "custom"
      },
      {
        "lessThan": "8.2.2",
        "status": "affected",
        "version": "8.2",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
jira	www.jira.mongodb.org/browse/SERVER-106075

09 Dec 2025 15:00Current

CVSS 42.3

CVSS 3.14.2

EPSS0.00192

CWE-667