CVE-2025-1756

mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. This issue affects mongosh prior to 2.3.0

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://jira.mongodb.org/browse/MONGOSH-2028	Vendor Advisory Issue Tracking
https://access.redhat.com/errata/RHSA-2025:1756	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mongodb:mongosh:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:::::::*
	cpe:2.3:a:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::*

History

09 Apr 2025, 14:07

Type	Values Removed	Values Added
First Time		Redhat Redhat enterprise Linux For Ibm Z Systems Eus Mongodb mongosh Mongodb Redhat codeready Linux Builder For Arm64 Eus Redhat enterprise Linux For Arm 64 Eus Redhat enterprise Linux Server Aus Redhat codeready Linux Builder Eus Redhat enterprise Linux Eus Redhat codeready Linux Builder For Power Little Endian Eus Redhat enterprise Linux For Arm 64 Redhat enterprise Linux Update Services For Sap Solutions Redhat codeready Linux Builder For Ibm Z Systems Eus Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux For Ibm Z Systems
CPE		cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:::::::* cpe:2.3:a:mongodb:mongosh:::::::: cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.4:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::* cpe:2.3:a:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:::::::*
References	~~() https://jira.mongodb.org/browse/MONGOSH-2028 -~~	() https://jira.mongodb.org/browse/MONGOSH-2028 - Vendor Advisory, Issue Tracking
References	~~() https://access.redhat.com/errata/RHSA-2025:1756 -~~	() https://access.redhat.com/errata/RHSA-2025:1756 - Third Party Advisory
Summary		(es) Mongosh puede ser susceptible a una escalada de privilegios locales en determinadas condiciones, lo que podría permitir acciones no autorizadas en el sistema de un usuario con privilegios elevados, cuando un archivo manipulado se almacena en C:\node_modules\. Este problema afecta a mongosh antes de la versión 2.3.0.

27 Feb 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-27 16:15

Updated : 2025-04-09 14:07

NVD link : CVE-2025-1756

Mitre link : CVE-2025-1756

CVE.ORG link : CVE-2025-1756

JSON object : View

Products Affected

redhat

enterprise_linux_server_aus
enterprise_linux_for_power_little_endian_eus
enterprise_linux_for_ibm_z_systems_eus
enterprise_linux_for_arm_64
enterprise_linux_for_arm_64_eus
enterprise_linux_eus
codeready_linux_builder_eus
codeready_linux_builder_for_ibm_z_systems_eus
enterprise_linux_for_ibm_z_systems
enterprise_linux_update_services_for_sap_solutions
codeready_linux_builder_for_power_little_endian_eus
codeready_linux_builder_for_arm64_eus

mongodb

mongosh

CWE

CWE-426

Untrusted Search Path

{"id": "CVE-2025-1756", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@mongodb.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-02-27T16:15:39.287", "references": [{"url": "https://jira.mongodb.org/browse/MONGOSH-2028", "tags": ["Vendor Advisory", "Issue Tracking"], "source": "cna@mongodb.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:1756", "tags": ["Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cna@mongodb.com", "description": [{"lang": "en", "value": "CWE-426"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-426"}]}], "descriptions": [{"lang": "en", "value": "mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\\node_modules\\. This issue affects mongosh prior to 2.3.0"}, {"lang": "es", "value": "Mongosh puede ser susceptible a una escalada de privilegios locales en determinadas condiciones, lo que podr\u00eda permitir acciones no autorizadas en el sistema de un usuario con privilegios elevados, cuando un archivo manipulado se almacena en C:\\node_modules\\. Este problema afecta a mongosh antes de la versi\u00f3n 2.3.0."}], "lastModified": "2025-04-09T14:07:26.960", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mongodb:mongosh:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64C2BFE9-64C0-4711-A311-1DFDFEBE4477", "versionEndExcluding": "2.3.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C4B0BD8-527F-4728-A64B-F8F06D5EDEC5"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88F9EB73-1F19-4BD9-AB19-36F9F1A5156E"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35232613-B8B5-4F4D-A6CD-3823C6666534"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03A1BB59-4BE6-4339-ABB7-C18B7D899FB9"}, {"criteria": "cpe:2.3:a:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0F1D571-6C70-45D9-BC76-C6DF33967127"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBF70805-7EBF-4731-83DB-D71F7A646B0F"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01363FFA-F7A6-43FC-8D47-E67F95410095"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "069180B4-BA50-4AD0-8BA9-83F8005E58BE"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F843B777-5C64-4CAE-80D6-89DC2C9515B1"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39D345D3-108A-4551-A112-5EE51991411A"}], "operator": "OR"}]}], "sourceIdentifier": "cna@mongodb.com"}

7.5 /10