CVE-2025-1755

EPSS 0.05%
Veröffentlicht 27.02.2025 16:15:39
Zuletzt bearbeitet 09.04.2025 14:07:43
Quelle cna@mongodb.com
CVE-Watchlists
Login
Unerledigt
Login

MongoDB Compass may be susceptible to local privilege escalation in Windows

MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects MongoDB Compass prior to 1.42.1

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 5 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mongodb ≫ Compass Version < 1.42.1

Microsoft ≫ Windows Version-

Redhat ≫ Enterprise Linux For Arm 64 Version9.0_aarch64

Redhat ≫ Enterprise Linux For Ibm Z Systems Version9.0_s390x

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version9.0_ppc64le

Redhat ≫ Enterprise Linux Update Services For Sap Solutions Version9.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.155

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cna@mongodb.com	7.5	0.8	6	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

https://jira.mongodb.org/browse/COMPASS-9058

Vendor Advisory

Issue Tracking

https://access.redhat.com/errata/RHSA-2025:1755.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-1755

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-1755

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-1755

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-1755