CVE-2025-1755

Published Feb 27, 2025

Last updated a month ago

CVSS high 7.5

Overview

Description
MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects MongoDB Compass prior to 1.42.1
Source
cna@mongodb.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
6
Exploitability score
0.8
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Severity
HIGH

Weaknesses

cna@mongodb.com
CWE-426

Social media

Hype score
Not currently trending

  1. MongoDB Compass and Shell may be susceptible to local privilege escalation inWindowsURL: https://t.co/8EGK6uf0NJ: Important, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 7.5CVEs: CVE-2025-1755, CVE-2025-1756See also: https://t.co/4LTNldNJfc

    @CharyyevPerman

    28 Feb 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References