CVE-2025-1755

High CVSS: 7.5

MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects MongoDB Compass prior to 1.42.1

Vendor

Mongodb

Product

Compass

CWE

CWE-426

Yayın Tarihi

2025-02-27 16:15:39

Güncelleme

2025-04-09 14:07:43

Source Identifier

cna@mongodb.com

KEV Date Added

Kategoriler

CWE-426 Compass HIGH Mongodb 2025

Referanslar

https://jira.mongodb.org/browse/COMPASS-9058 https://access.redhat.com/errata/RHSA-2025:1755.html

Benzer Kayıtlar

Medium

CVE-2026-5170

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during…

Medium

CVE-2026-4358

A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-fre…

Low

CVE-2026-4359

A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a cr…

High

CVE-2026-25610

An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints.

High

CVE-2026-25613

An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compo…

Medium

CVE-2026-25609

Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read…