Type: Bug
Resolution: Fixed
Priority: Major - P3
Affects Version/s: None
Component/s: None
Developer Tools
CVE ID:
CVE-2025-1756
Title:
MongoDB Shell may be susceptible to local privilege escalation in Windows
Description:
mongosh may be susceptible to local privilege escalation under certain conditions, potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects mongosh prior to 2.3.0.
CVSS Score:
7.5 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
List all affected product versions:
mongosh prior to 2.3.0
CWE:
CWE-426: Untrusted Search Path
Required Configuration:
Only environments with Windows as the underlying operating system are affected by this issue.
Credit:
T. Doğa Gelişli
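
The description above names C:\node_modules\ as the untrusted location. The following audit sketch is an added example, not code from MongoDB or mongosh. It assumes, which the advisory does not state, that the search path in question is Node.js's standard walk through ancestor node_modules directories, and it uses a constructed install path.

```javascript
// Added example (not MongoDB's code). Assumption: the lookup involved is
// Node.js's standard walk through ancestor node_modules directories.
const path = require('path').win32; // Windows path rules on any host OS
const fs = require('fs');

// Every <ancestor>\node_modules from startDir up to the drive root,
// in the order the resolver would try them.
function ancestorNodeModules(startDir) {
  const found = [];
  let dir = path.normalize(startDir);
  for (;;) {
    // A directory that is itself named node_modules gets no nested candidate.
    if (path.basename(dir) !== 'node_modules') {
      found.push(path.join(dir, 'node_modules'));
    }
    const parent = path.dirname(dir);
    if (parent === dir) break; // reached the drive root, e.g. C:\
    dir = parent;
  }
  return found;
}

// Candidates that lie outside the application's own install tree.
function outsideInstallRoot(startDir, installRoot) {
  return ancestorNodeModules(startDir).filter((candidate) => {
    const rel = path.relative(installRoot, candidate);
    return rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  });
}

// Audit report: which outside candidates exist on this machine.
function audit(startDir, installRoot) {
  return outsideInstallRoot(startDir, installRoot)
    .map((dir) => ({ dir, exists: fs.existsSync(dir) }));
}

// Constructed install location, for illustration only.
const INSTALL = 'C:\\Users\\alice\\tools\\mongosh';
for (const { dir, exists } of audit(path.join(INSTALL, 'bin'), INSTALL)) {
  console.log(`${exists ? 'PRESENT' : 'absent '}  ${dir}`);
}
```

Any directory reported as present outside the install tree, C:\node_modules in particular, should have its owner and ACL reviewed; the advisory's fix is mongosh 2.3.0 or later.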