CVE-2025-1756

HIGH

mongosh <2.3.0 - Privilege Escalation

Title source: llm

Description

mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. This issue affects mongosh prior to 2.3.0

References (2)

[Issue Tracking, Vendor Advisory] https://jira.mongodb.org/browse/MONGOSH-2028

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2025:1756

Scores

CVSS v3 7.5

EPSS 0.0004

EPSS Percentile 11.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-426

Status published

Products (14)

mongodb/mongosh < 2.3.0

npm/mongosh 0 - 2.3.0npm

redhat/codeready_linux_builder_eus 9.4

redhat/codeready_linux_builder_for_arm64_eus 9.4_aarch64

redhat/codeready_linux_builder_for_ibm_z_systems_eus 9.4_s390x

redhat/codeready_linux_builder_for_power_little_endian_eus 9.4_ppc64le

redhat/enterprise_linux_eus 9.4

redhat/enterprise_linux_for_arm_64 9.4_aarch64

redhat/enterprise_linux_for_arm_64_eus 9.4_aarch64

redhat/enterprise_linux_for_ibm_z_systems 9.4_s390x

... and 4 more

Published Feb 27, 2025

Tracked Since Feb 18, 2026