CVE-2025-1693

EPSS 0.06%
Veröffentlicht 27.02.2025 13:15:11
Zuletzt bearbeitet 22.09.2025 16:39:57
Quelle cna@mongodb.com
Teams Watchlist Login
Unerledigt Login

The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. This may result in the display of falsified messages that appear to originate from mongosh or the underlying operating system, potentially misleading users into executing unsafe actions.


The vulnerability is exploitable only when mongosh is connected to a cluster that is partially or fully controlled by an attacker.


This issue affects mongosh versions prior to 2.3.9

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mongodb ≫ Mongosh Version < 2.3.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.197

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	1.6	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
cna@mongodb.com	3.9	0.5	3.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.

https://jira.mongodb.org/browse/MONGOSH-2026

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-1693

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-1693

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-1693

EUVD