Vulnerability Details CVE-2025-1756
mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. This issue affects mongosh prior to 2.3.0
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.8%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2025-1756
-
cpe:2.3:a:mongodb:mongosh:*
-
cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4
-
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64
-
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x
-
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le
-
cpe:2.3:a:redhat:enterprise_linux_update_services_for_sap_solutions:9.4
-
cpe:2.3:o:redhat:enterprise_linux_eus:9.4
-
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64
-
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64
-
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x
-
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x
-
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4