CVE-2025-1755

Published: Feb 27, 2025Modified: Apr 9, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects MongoDB Compass prior to 1.42.1

Affected (5)

Products: Mongodb: Compass · Redhat: Enterprise Linux For Arm 64, Enterprise Linux For Ibm Z Systems, Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions, Enterprise Linux Update Services For Sap Solutions

Mongodb

1 product

Compass

Redhat

4 products

Enterprise Linux For Arm 64

Enterprise Linux For Ibm Z Systems

Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions

Enterprise Linux Update Services For Sap Solutions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mongodb Compass	Before 1.42.1

Running on/with	Platform Versions
Microsoft Windows	All versions

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux For Arm 64	Version 9.0_aarch64
Redhat Enterprise Linux For Ibm Z Systems	Version 9.0_s390x
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	Version 9.0_ppc64le
Redhat Enterprise Linux Update Services For Sap Solutions	Version 9.0

Related CWEs

CWE-426

Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (2)

https://jira.mongodb.org/browse/COMPASS-9058

Source: cna@mongodb.com

Issue TrackingVendor Advisory

https://access.redhat.com/errata/RHSA-2025:1755.html

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Third Party Advisory

Timeline

No history available yet.