CVE-2025-1756

CWE-4265 documents5 sources
Severity
7.8HIGH
EPSS
0.0%
top 86.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
Mongodb INC MongoshMongodb MongoshRedhat Codeready Linux Builder EUS+11 more
Timeline
PublishedFeb 27

Description

mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. This issue affects mongosh prior to 2.3.0

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages5 packages

npmmongosh< 2.3.0
NVDmongodb/mongosh< 2.3.0
CVEListV5mongodb_inc/mongosh< 2.3.0

Also affects: Enterprise Linux 9.4

🔴Vulnerability Details

3
OSV
mongosh vulnerable to local privilege escalation2025-02-27
CVEList
MongoDB Shell may be susceptible to local privilege escalation in Windows2025-02-27
GHSA
mongosh vulnerable to local privilege escalation2025-02-27