What is CVE-2025-1756?

CVE-2025-1756 is a high-severity vulnerability in Mongodb Mongosh, classified under Untrusted Search Path. CVSS score: 7.5/10. Published 2025-02-27.

How severe is CVE-2025-1756?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Mongodb Mongosh

CVE-2025-1756

mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. This issue affects m…

EPSS: 0.001 (3.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H.

Affected products

Mongodb Mongosh
Mongodb Inc Mongosh — versions 0
Redhat Codeready_linux_builder_eus — versions 9.4
Redhat Codeready_linux_builder_for_arm64_eus — versions 9.4_aarch64
Redhat Codeready_linux_builder_for_ibm_z_systems_eus — versions 9.4_s390x
Redhat Codeready_linux_builder_for_power_little_endian_eus — versions 9.4_ppc64le
Redhat Enterprise_linux_eus — versions 9.4
Redhat Enterprise_linux_for_arm_64 — versions 9.4_aarch64
Redhat Enterprise_linux_for_arm_64_eus — versions 9.4_aarch64
Redhat Enterprise_linux_for_ibm_z_systems — versions 9.4_s390x

Weakness classification (CWE)

CWE-426 — Untrusted Search Path

References

cna@mongodb.com (Issue Tracking, Vendor Advisory)
134c704f-9b21-4f2e-91b3-4a467353bcc0 (Third Party Advisory)

Frequently asked questions

What is CVE-2025-1756?: CVE-2025-1756 is a high-severity vulnerability in Mongodb Mongosh, classified under Untrusted Search Path. CVSS score: 7.5/10. Published 2025-02-27.
How severe is CVE-2025-1756?: High severity. CVSS v3 base score is 7.5 out of 10.