anonhaven
Ad

CVE-2025-1756

HIGH CVSS 3.1: 7.8 EPSS 0.03%
Updated Apr 09, 2025
Red Hat
Parameter Value
CVSS 7.8 (HIGH)
Affected Versions before 2.3.0
Fixed In 2.3.0
Type CWE-426
Vendor Red Hat
Public PoC No

mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. This issue affects mongosh prior to 2.3.0

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-426

Vulnerable Products 13

Configuration From (including) Up to (excluding)
Mongodb Mongosh
cpe:2.3:a:mongodb:mongosh:*:*:*:*:*:*:*:*
 2.3.0
Redhat Codeready_Linux_Builder_Eus
cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:*:*:*:*:*:*:*
Redhat Codeready_Linux_Builder_For_Arm64_Eus
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:*:*:*:*:*:*:*
Redhat Codeready_Linux_Builder_For_Ibm_Z_Systems_Eus
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
Redhat Codeready_Linux_Builder_For_Power_Little_Endian_Eus
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Update_Services_For_Sap_Solutions
cpe:2.3:a:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Eus
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
Redhat Enterprise_Linux_For_Arm_64
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:*:*:*:*:*:*:*
Redhat Enterprise_Linux_For_Arm_64_Eus
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
Redhat Enterprise_Linux_For_Ibm_Z_Systems
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*
Redhat Enterprise_Linux_For_Ibm_Z_Systems_Eus
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
Redhat Enterprise_Linux_For_Power_Little_Endian_Eus
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
Redhat Enterprise_Linux_Server_Aus
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*

References 2

https://jira.mongodb.org/browse/MONGOSH-2028
cna@mongodb.com
https://access.redhat.com/errata/RHSA-2025:1756
134c704f-9b21-4f2e-91b3-4a467353bcc0
Share Post Share Share Share

Related Vulnerabilities

CVE-2025-9572

Theforeman

6.5

CVE-2026-26104

Freedesktop

5.5

CVE-2026-26103

Freedesktop

7.1

CVE-2025-12543

Java

9.6

CVE-2025-14087

Gnome

9.8