PT-2025-49980 · MongoDB · MongoDB Server
Published: 2025-12-09 · Updated: 2026-05-13
CVE-2025-14345
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions
MongoDB Server versions prior to 8.0.16
MongoDB Server versions prior to 7.0.26
MongoDB Server versions prior to 8.2.2
Description
A flaw exists in the network two-phase commit protocol used for cross-shard transactions. This issue can lead to logical data inconsistencies under specific conditions that are not predictable and exist for a short duration. The transaction coordination logic may incorrectly interpret a transaction as committed, resulting in an inconsistent state across shards, potentially impacting data integrity and availability.
Recommendations
Update MongoDB Server to version 8.0.16 or later.
Update MongoDB Server to version 7.0.26 or later.
Update MongoDB Server to version 8.2.2 or later.
Fix
Improper Locking
Weakness Enumeration
Related Identifiers
Affected Products
MongoDB Server
MongoDB
Red Os