CVE-2025-1756

mongosh may be susceptible to local privilege escalation under certain conditions, potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects mongosh prior to 2.3.0.
References
Link | Resource
https://jira.mongodb.org/browse/MONGOSH-2028 | Vendor Advisory, Issue Tracking
https://access.redhat.com/errata/RHSA-2025:1756 | Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:mongodb:mongosh:*:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-02-27 16:15

Updated : 2025-04-09 14:07


NVD link : CVE-2025-1756

Mitre link : CVE-2025-1756

CVE.ORG link : CVE-2025-1756



Products Affected

redhat

  • codeready_linux_builder_for_power_little_endian_eus
  • codeready_linux_builder_eus
  • enterprise_linux_eus
  • codeready_linux_builder_for_ibm_z_systems_eus
  • enterprise_linux_for_ibm_z_systems_eus
  • enterprise_linux_for_ibm_z_systems
  • enterprise_linux_server_aus
  • enterprise_linux_for_arm_64
  • enterprise_linux_for_power_little_endian_eus
  • codeready_linux_builder_for_arm64_eus
  • enterprise_linux_update_services_for_sap_solutions
  • enterprise_linux_for_arm_64_eus

mongodb

  • mongosh
CWE
CWE-426: Untrusted Search Path