CVE-2025-1756

HIGH7.5EPSS 0.04%

mongosh vulnerable to local privilege escalation

Published: 2/27/2025Modified: 2/27/2025

Description

mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. This issue affects mongosh prior to 2.3.0.

Affected packages (1)

npm/mongoshfrom 0, < 2.3.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-1756
PATCHhttps://github.com/mongodb-js/mongosh
WEBhttps://access.redhat.com/errata/RHSA-2025:1756
WEBhttps://jira.mongodb.org/browse/MONGOSH-2028