What is CVE-2025-1755?

CVE-2025-1755 is a high-severity vulnerability in Microsoft Windows, classified under Untrusted Search Path. CVSS score: 7.5/10. Published 2025-02-27.

How severe is CVE-2025-1755?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Microsoft Windows

CVE-2025-1755

MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue…

EPSS: 0.001 (3.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H.

Affected products

Microsoft Windows
Mongodb Compass
Mongodb Inc Compass — versions 0
Redhat Enterprise_linux_for_arm_64 — versions 9.0_aarch64
Redhat Enterprise_linux_for_ibm_z_systems — versions 9.0_s390x
Redhat Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions — versions 9.0_ppc64le
Redhat Enterprise_linux_update_services_for_sap_solutions — versions 9.0

Weakness classification (CWE)

CWE-426 — Untrusted Search Path

References

cna@mongodb.com (Issue Tracking, Vendor Advisory)
134c704f-9b21-4f2e-91b3-4a467353bcc0 (Third Party Advisory)

Frequently asked questions

What is CVE-2025-1755?: CVE-2025-1755 is a high-severity vulnerability in Microsoft Windows, classified under Untrusted Search Path. CVSS score: 7.5/10. Published 2025-02-27.
How severe is CVE-2025-1755?: High severity. CVSS v3 base score is 7.5 out of 10.