CVE-2025-1755
HIGHCVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
2Tags
Description
MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects MongoDB Compass prior to 1.42.1
Analysis
MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is. Rated high severity (CVSS 7.5). No vendor patch available.
Technical Context
This vulnerability is classified under CWE-426. MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\.42.1 Affected products include: Mongodb Compass, Redhat Enterprise Linux For Arm 64, Redhat Enterprise Linux For Ibm Z Systems, Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions, Redhat Enterprise Linux Update Services For Sap Solutions. Version information: prior to 1.42.1.
Affected Products
Mongodb Compass, Redhat Enterprise Linux For Arm 64, Redhat Enterprise Linux For Ibm Z Systems, Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions, Redhat Enterprise Linux Update Services For Sap Solutions.
Remediation
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today