CVE-2025-1755

CWE-4263 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 84.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mongodb INC Mongodb Compass Mongodb Compass Redhat Enterprise Linux FOR ARM 64 +3 more

Timeline

PublishedFeb 27

Description

MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects MongoDB Compass prior to 1.42.1

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages3 packages

▶NVDmongodb/compass< 1.42.1

▶CVEListV5mongodb_inc/mongodb_compass< 1.42.1

▶NVDredhat/enterprise_linux_update_services9.0

Also affects: Enterprise Linux 9.0

🔴Vulnerability Details

GHSA

GHSA-25hc-2p68-qc2g: MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system↗2025-02-27

▶

CVEList

MongoDB Compass may be susceptible to local privilege escalation in Windows↗2025-02-27

▶