CVE-2025-14345
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-14345, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-09

Last updated on: 2025-12-11

Assigner: MongoDB, Inc.

Description

A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a very short period of time. This error can cause the transaction coordination logic to misinterpret the transaction as committed, resulting in inconsistent state on those shards. This may lead to low integrity and availability impact. This issue impacts MongoDB Server v8.0 versions prior to 8.0.16, MongoDB Server v7.0 versions prior to 7.0.26 and MongoDB server v8.2 versions prior to 8.2.2.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-09
Last Modified
2025-12-11
Generated
2026-07-06
AI Q&A
2025-12-09
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
mongodb mongodb_server 8.0
mongodb mongodb_server 7.0
mongodb mongodb_server 8.2
mongodb mongodb From 7.0.0 (inc) to 7.0.26 (inc)
mongodb mongodb 8.3.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server. Under specific, unpredictable conditions that last for a very short time, the transaction coordination logic may mistakenly consider a transaction as committed when it is not, leading to logical data inconsistencies across shards.

Impact Analysis

The vulnerability can cause logical data inconsistencies in MongoDB Server, resulting in low integrity and availability impact. This means that data across different shards may become inconsistent, potentially affecting the reliability and correctness of your data and applications relying on it.

Mitigation Strategies

To mitigate this vulnerability, upgrade MongoDB Server to version 8.0.16 or later if you are using the 8.0 series, version 7.0.26 or later if you are using the 7.0 series, or version 8.2.2 or later if you are using the 8.2 series.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14345. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart