mongosh may be susceptible to local privilege escalation under certain conditions, potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. This issue affects mongosh prior to 2.3.0.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2025:1756 | Third Party Advisory |
https://jira.mongodb.org/browse/MONGOSH-2028 | Vendor Advisory, Issue Tracking |
History
09 Apr 2025, 14:07
Type | Values Removed | Values Added |
---|---|---|
References | https://access.redhat.com/errata/RHSA-2025:1756 - Third Party Advisory | |
References | https://jira.mongodb.org/browse/MONGOSH-2028 - Vendor Advisory, Issue Tracking | |
First Time | Redhat enterprise Linux For Arm 64, Redhat codeready Linux Builder For Ibm Z Systems Eus, Redhat enterprise Linux For Ibm Z Systems Eus, Redhat codeready Linux Builder For Arm64 Eus, Redhat codeready Linux Builder For Power Little Endian Eus, Mongodb, Redhat enterprise Linux For Ibm Z Systems, Mongodb mongosh, Redhat enterprise Linux Eus, Redhat enterprise Linux For Arm 64 Eus, Redhat enterprise Linux For Power Little Endian Eus, Redhat codeready Linux Builder Eus, Redhat, Redhat enterprise Linux Update Services For Sap Solutions, Redhat enterprise Linux Server Aus | |
CWE | CWE-426 | |
CVSS | v2 : , v3 : | v2 : unknown, v3 : 7.8 |
CPE | cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:* |
27 Feb 2025, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-02-27 16:15
Updated : 2025-04-09 14:07
NVD link : CVE-2025-1756
Mitre link : CVE-2025-1756
Products Affected
redhat
- codeready_linux_builder_eus
- enterprise_linux_for_power_little_endian_eus
- enterprise_linux_for_arm_64
- codeready_linux_builder_for_arm64_eus
- enterprise_linux_eus
- enterprise_linux_for_ibm_z_systems_eus
- enterprise_linux_update_services_for_sap_solutions
- codeready_linux_builder_for_ibm_z_systems_eus
- enterprise_linux_server_aus
- enterprise_linux_for_arm_64_eus
- codeready_linux_builder_for_power_little_endian_eus
- enterprise_linux_for_ibm_z_systems
mongodb
- mongosh
CWE
CWE-426
Untrusted Search Path