CVE-2025-1756

HIGH
2025-02-27 [email protected]
7.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 28, 2026 - 18:28 vuln.today
CVE Published
Feb 27, 2025 - 16:15 nvd
HIGH 7.5

Tags

Privilege Escalation Mongosh Codeready Linux Builder Eus Codeready Linux Builder For Arm64 Eus Codeready Linux Builder For Ibm Z Systems Eus Codeready Linux Builder For Power Little Endian Eus Enterprise Linux Update Services For Sap Solutions Enterprise Linux Eus Enterprise Linux For Arm 64 Enterprise Linux For Arm 64 Eus Enterprise Linux For Ibm Z Systems Enterprise Linux For Ibm Z Systems Eus Enterprise Linux For Power Little Endian Eus Enterprise Linux Server Aus

Description

mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. This issue affects mongosh prior to 2.3.0

Analysis

mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored. Rated high severity (CVSS 7.5). No vendor patch available.

Technical Context

This vulnerability is classified under CWE-426. mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\.3.0 Affected products include: Mongodb Mongosh, Redhat Codeready Linux Builder Eus, Redhat Codeready Linux Builder For Arm64 Eus, Redhat Codeready Linux Builder For Ibm Z Systems Eus, Redhat Codeready Linux Builder For Power Little Endian Eus. Version information: prior to 2.3.0.

Affected Products

Mongodb Mongosh, Redhat Codeready Linux Builder Eus, Redhat Codeready Linux Builder For Arm64 Eus, Redhat Codeready Linux Builder For Ibm Z Systems Eus, Redhat Codeready Linux Builder For Power Little Endian Eus.

Remediation

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Priority Score

38
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +38
POC: 0

Share

CVE-2025-1756 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy