CVE-2025-1755

Published Feb 27, 2025

Last updated a month ago

CVSS high 7.5

Overview

Description: MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects MongoDB Compass prior to 1.42.1
Source: cna@mongodb.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

cna@mongodb.com: CWE-426
nvd@nist.gov: CWE-426

Hype score: Not currently trending

MongoDB Compass and Shell may be susceptible to local privilege escalation inWindowsURL: https://t.co/8EGK6uf0NJ: Important, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 7.5CVEs: CVE-2025-1755, CVE-2025-1756See also: https://t.co/4LTNldNJfc
@CharyyevPerman
28 Feb 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mongodb:compass:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AF4CC4A-586E-4EEC-A2F8-0EA8CA343459",
            "versionEndExcluding": "1.42.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB056B47-1F45-4CE4-81F6-872F66C24C29"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0_ppc64le:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DA48001-66CC-4E71-A944-68D7D654031E"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "083AAC55-E87B-482A-A1F4-8F2DEB90CB23"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References