UBUNTU-CVE-2025-14345

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2025-14345
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-14345.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-14345
Upstream
Published
2025-12-09T16:17:00Z
Modified
2026-02-28T05:57:27.154184Z
Severity
  • 4.2 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
  • 2.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a very short period of time. This error can cause the transaction coordination logic to misinterpret the transaction as committed, resulting in inconsistent state on those shards. This may lead to low integrity and availability impact. This issue impacts MongoDB Server v8.0 versions prior to 8.0.16, MongoDB Server v7.0 versions prior to 7.0.26 and MongoDB server v8.2 versions prior to 8.2.2.

References

Affected packages

Ubuntu:Pro:14.04:LTS / mongodb

Package

Name
mongodb
Purl
pkg:deb/ubuntu/mongodb@1:2.4.9-1ubuntu2+esm2?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*
1:2.4.6-0ubuntu5
1:2.4.6-0ubuntu6
1:2.4.8-1ubuntu1
1:2.4.8-2
1:2.4.9-1
1:2.4.9-1ubuntu1
1:2.4.9-1ubuntu2
1:2.4.9-1ubuntu2+esm2

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "mongodb",
            "binary_version": "1:2.4.9-1ubuntu2+esm2"
        },
        {
            "binary_name": "mongodb-clients",
            "binary_version": "1:2.4.9-1ubuntu2+esm2"
        },
        {
            "binary_name": "mongodb-dev",
            "binary_version": "1:2.4.9-1ubuntu2+esm2"
        },
        {
            "binary_name": "mongodb-server",
            "binary_version": "1:2.4.9-1ubuntu2+esm2"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-14345.json"

Ubuntu:Pro:16.04:LTS / mongodb

Package

Name
mongodb
Purl
pkg:deb/ubuntu/mongodb@1:2.6.10-0ubuntu1+esm2?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*
1:2.6.10-0ubuntu1
1:2.6.10-0ubuntu1+esm2

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "mongodb",
            "binary_version": "1:2.6.10-0ubuntu1+esm2"
        },
        {
            "binary_name": "mongodb-clients",
            "binary_version": "1:2.6.10-0ubuntu1+esm2"
        },
        {
            "binary_name": "mongodb-server",
            "binary_version": "1:2.6.10-0ubuntu1+esm2"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-14345.json"

Ubuntu:Pro:18.04:LTS / mongodb

Package

Name
mongodb
Purl
pkg:deb/ubuntu/mongodb@1:3.6.3-0ubuntu1.4+esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:3.*
1:3.4.7-1
1:3.4.7-1ubuntu1
1:3.4.7-1ubuntu2
1:3.4.7-1ubuntu4
1:3.4.14-3ubuntu1
1:3.4.14-3ubuntu2
1:3.6.3-0ubuntu1
1:3.6.3-0ubuntu1.1
1:3.6.3-0ubuntu1.3
1:3.6.3-0ubuntu1.4
1:3.6.3-0ubuntu1.4+esm1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "mongodb",
            "binary_version": "1:3.6.3-0ubuntu1.4+esm1"
        },
        {
            "binary_name": "mongodb-clients",
            "binary_version": "1:3.6.3-0ubuntu1.4+esm1"
        },
        {
            "binary_name": "mongodb-server",
            "binary_version": "1:3.6.3-0ubuntu1.4+esm1"
        },
        {
            "binary_name": "mongodb-server-core",
            "binary_version": "1:3.6.3-0ubuntu1.4+esm1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-14345.json"

Ubuntu:20.04:LTS / mongodb

Package

Name
mongodb
Purl
pkg:deb/ubuntu/mongodb@1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:3.*
1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu2
1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5
1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.2
1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "mongodb",
            "binary_version": "1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3"
        },
        {
            "binary_name": "mongodb-clients",
            "binary_version": "1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3"
        },
        {
            "binary_name": "mongodb-server",
            "binary_version": "1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3"
        },
        {
            "binary_name": "mongodb-server-core",
            "binary_version": "1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-14345.json"