CVE-2025-1692

Published Feb 27, 2025

Last updated a month ago

Overview

Description
The MongoDB Shell may be susceptible to control character injection, where an attacker with control of the user’s clipboard could manipulate the user into pasting text into mongosh that evaluates arbitrary code. Control characters in the pasted text can be used to obfuscate malicious code. This issue affects mongosh versions prior to 2.3.9.
Source: cna@mongodb.com
NVD status: Received

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.3
Impact score: 5.9
Exploitability score: 0.3
Vector string: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Severity: MEDIUM

Weaknesses

cna@mongodb.com: CWE-150
