CVE-2025-1691

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-1691

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1691.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-1691

Aliases

GHSA-43g5-2wr2-q7vj

Published

2025-02-27T13:15:11.253Z

Modified

2026-04-10T05:25:53.774319Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature, can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete text that is a prefix of the attacker’s prepared autocompletion. This issue affects mongosh versions prior to 2.3.9.

The vulnerability is exploitable only when mongosh is connected to a cluster that is partially or fully controlled by an attacker.

References

https://jira.mongodb.org/browse/MONGOSH-2024

Affected packages

Git / github.com/mongodb-js/mongosh

Affected ranges

Type

GIT

Repo

https://github.com/mongodb-js/mongosh

Events

Introduced

Fixed

bfb783bc891cacfc1967c38e478eb360e4fc46f8

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.3.9"
        }
    ]
}

Affected versions

0.*

0.0.2

@mongosh/arg-parser@3.*

@mongosh/arg-parser@3.0.0

@mongosh/async-rewriter2@2.*

@mongosh/async-rewriter2@2.4.0

@mongosh/autocomplete@3.*

@mongosh/autocomplete@3.0.0

@mongosh/browser-repl@3.*

@mongosh/browser-repl@3.0.0

@mongosh/browser-runtime-core@3.*

@mongosh/browser-runtime-core@3.0.0

@mongosh/browser-runtime-electron@3.*

@mongosh/browser-runtime-electron@3.0.0

@mongosh/build@3.*

@mongosh/build@3.0.0

@mongosh/connectivity-tests@2.*

@mongosh/connectivity-tests@2.4.0

@mongosh/docker-build-scripts@3.*

@mongosh/docker-build-scripts@3.0.0

@mongosh/e2e-tests@3.*

@mongosh/e2e-tests@3.0.0

@mongosh/editor@3.*

@mongosh/editor@3.0.0

@mongosh/errors@2.*

@mongosh/errors@2.4.0

@mongosh/history@2.*

@mongosh/history@2.4.0

@mongosh/i18n@2.*

@mongosh/i18n@2.4.0

@mongosh/java-shell@2.*

@mongosh/java-shell@2.4.0

@mongosh/js-multiline-to-singleline@2.*

@mongosh/js-multiline-to-singleline@2.4.0

@mongosh/logging@3.*

@mongosh/logging@3.0.0

@mongosh/node-runtime-worker-thread@3.*

@mongosh/node-runtime-worker-thread@3.0.0

@mongosh/service-provider-core@3.*

@mongosh/service-provider-core@3.0.0

@mongosh/service-provider-node-driver@3.*

@mongosh/service-provider-node-driver@3.0.0

@mongosh/shell-api@3.*

@mongosh/shell-api@3.0.0

@mongosh/shell-evaluator@3.*

@mongosh/shell-evaluator@3.0.0

@mongosh/snippet-manager@3.*

@mongosh/snippet-manager@3.0.0

@mongosh/types@3.*

@mongosh/types@3.0.0

v0.*

v0.0.1

v0.0.1-alpha.0

v0.0.1-alpha.1

v0.0.1-alpha.10

v0.0.1-alpha.11

v0.0.1-alpha.12

v0.0.1-alpha.13

v0.0.1-alpha.15

v0.0.1-alpha.17

v0.0.1-alpha.18

v0.0.1-alpha.19

v0.0.1-alpha.2

v0.0.1-alpha.3

v0.0.1-alpha.4

v0.0.1-alpha.5

v0.0.1-alpha.6

v0.0.1-alpha.7

v0.0.1-alpha.8

v0.0.1-alpha.9

v0.0.2

v0.0.2-alpha.0

v0.0.3

v0.0.4

v0.0.5

v0.0.6

v0.0.7

v0.0.8

v0.1.0

v0.10.0

v0.10.0-draft.0

v0.10.1

v0.10.1-draft.0

v0.11.0

v0.11.0-draft.0

v0.11.0-draft.1

v0.11.0-draft.2

v0.12.0

v0.12.0-draft.0

v0.12.1

v0.12.1-draft.0

v0.13.0

v0.13.0-draft.0

v0.13.0-draft.1

v0.13.1

v0.13.1-draft.0

v0.13.2

v0.13.2-draft.0

v0.14.0

v0.14.0-draft.0

v0.14.1-draft.0

v0.15.0

v0.15.0-draft.0

v0.15.1

v0.15.1-draft.0

v0.15.2

v0.15.2-draft.0

v0.15.3

v0.15.3-draft.0

v0.15.3-draft.1

v0.15.4

v0.15.4-draft.0

v0.15.5

v0.15.5-draft.0

v0.15.6

v0.15.6-draft.0

v0.2.0

v0.2.1

v0.2.2

v0.3.0

v0.3.1

v0.4.0

v0.4.1

v0.4.2

v0.5.0

v0.5.1

v0.5.2

v0.6.0

v0.6.1

v0.7.0

v0.7.0-draft.1

v0.7.0-draft.2

v0.7.0-draft.3

v0.7.0-draft.4

v0.7.0-draft.5

v0.7.0-draft.6

v0.7.0-draft.7

v0.7.0-draft.8

v0.7.0-draft.9

v0.7.0-testrelease

v0.7.0-testrelease1

v0.7.0-testrelease2

v0.7.1

v0.7.1-draft.1

v0.7.2

v0.7.2-draft.1

v0.7.3

v0.7.4

v0.7.5

v0.7.6

v0.7.7

v0.8.0

v0.8.0-draft.0

v0.8.0-draft.1

v0.8.0-draft.10

v0.8.0-draft.11

v0.8.0-draft.2

v0.8.0-draft.3

v0.8.0-draft.4

v0.8.0-draft.5

v0.8.0-draft.6

v0.8.0-draft.7

v0.8.0-draft.8

v0.8.0-draft.9

v0.8.1

v0.8.1-draft.2

v0.8.1-draft.3

v0.8.2

v0.8.2-draft.0

v0.8.3

v0.8.3-draft.0

v0.8.3-draft.1

v0.8.3-draft.2

v0.8.3-draft.3

v0.8.3-draft.4

v0.9.0

v0.9.0-draft.0

v1.*

v1.0.0

v1.0.0-draft.0

v1.0.0-draft.1

v1.0.1

v1.0.1-draft.0

v1.0.2

v1.0.2-draft.0

v1.0.3

v1.0.3-draft.0

v1.0.4

v1.0.4-draft.0

v1.0.5

v1.0.5-draft.0

v1.0.6

v1.0.6-draft.0

v1.0.6-draft.1

v1.0.6-draft.2

v1.0.6-draft.3

v1.0.6-draft.4

v1.0.7

v1.0.7-draft.0

v1.1.0

v1.1.0-draft.0

v1.1.1

v1.1.1-draft.0

v1.1.2

v1.1.2-draft.0

v1.1.3

v1.1.3-draft.0

v1.1.4

v1.1.4-draft.0

v1.1.5

v1.1.5-draft.0

v1.1.5-draft.1

v1.1.6

v1.1.6-draft.0

v1.1.7

v1.1.7-draft.0

v1.1.7-draft.1

v1.1.8

v1.1.8-draft.0

v1.1.8-draft.1

v1.1.8-draft.2

v1.1.8-draft.3

v1.1.8-draft.4

v1.1.8-draft.5

v1.1.8-draft.6

v1.1.8-draft.7

v1.1.8-draft.8

v1.1.9

v1.1.9-draft.0

v1.1.9-draft.1

v1.10.0

v1.10.0-draft.0

v1.10.1

v1.10.1-draft.0

v1.10.2

v1.10.2-draft.0

v1.10.3

v1.10.3-draft.0

v1.10.4

v1.10.4-draft.0

v1.10.5

v1.10.5-draft.0

v1.10.5-draft.1

v1.10.6

v1.10.6-draft.0

v1.10.6-draft.1

v1.2.0

v1.2.0-draft.0

v1.2.1

v1.2.1-draft.0

v1.2.2

v1.2.2-draft.0

v1.2.2-draft.1

v1.2.3

v1.2.3-draft.0

v1.2.3-draft.1

v1.3.0

v1.3.0-draft.0

v1.3.1

v1.3.1-draft.0

v1.4.0

v1.4.0-draft.0

v1.4.1

v1.4.1-draft.0

v1.4.2

v1.4.2-draft.0

v1.5.0

v1.5.0-draft.0

v1.5.0-draft.1

v1.5.0-draft.2

v1.5.0-draft.3

v1.5.0-draft.4

v1.5.0-draft.5

v1.5.1

v1.5.1-draft.0

v1.5.1-draft.1

v1.5.1-draft.2

v1.5.2

v1.5.2-draft.0

v1.5.3

v1.5.3-draft.0

v1.5.4

v1.5.4-draft.0

v1.6.0

v1.6.0-draft.0

v1.6.1

v1.6.1-draft.0

v1.6.2

v1.6.2-draft.0

v1.7.0

v1.7.0-draft.0

v1.7.1

v1.7.1-draft.0

v1.8.0

v1.8.0-draft.0

v1.8.1

v1.8.1-draft.0

v1.8.2

v1.8.2-draft.0

v1.9.0

v1.9.0-draft.0

v1.9.1

v1.9.1-draft.0

v2.*

v2.0.0

v2.0.0-draft.0

v2.0.0-draft.1

v2.0.0-draft.2

v2.0.0-draft.3

v2.0.0-draft.4

v2.0.1

v2.0.1-draft.0

v2.0.2

v2.0.2-draft.0

v2.1.0

v2.1.0-draft.0

v2.1.0-draft.1

v2.1.1

v2.1.1-draft.0

v2.1.2

v2.1.2-draft.2

v2.1.3

v2.1.3-draft.0

v2.1.3-draft.1

v2.1.3-draft.2

v2.1.3-draft.3

v2.1.4

v2.1.4-draft.0

v2.1.5

v2.1.5-draft.0

v2.1.5-draft.1

v2.1.5-draft.2

v2.2.0

v2.2.0-draft.0

v2.2.0-draft.1

v2.2.1

v2.2.1-draft.0

v2.2.1-draft.1

v2.2.10

v2.2.10-draft.0

v2.2.11

v2.2.11-draft.0

v2.2.11-draft.1

v2.2.12

v2.2.12-draft.0

v2.2.12-draft.1

v2.2.13

v2.2.13-draft.0

v2.2.13-draft.1

v2.2.14

v2.2.14-draft.0

v2.2.15

v2.2.15-draft.0

v2.2.2

v2.2.2-draft.0

v2.2.3

v2.2.3-draft.0

v2.2.4

v2.2.4-draft.0

v2.2.4-draft.1

v2.2.4-draft.2

v2.2.4-draft.3

v2.2.4-draft.4

v2.2.5

v2.2.5-draft.0

v2.2.6

v2.2.6-draft.0

v2.2.7

v2.2.7-draft.0

v2.2.8

v2.2.8-draft.0

v2.2.9

v2.2.9-draft.0

v2.3.0

v2.3.0-draft.0

v2.3.1

v2.3.1-draft.0

v2.3.2

v2.3.2-draft.0

v2.3.3

v2.3.3-draft.0

v2.3.4

v2.3.4-draft.0

v2.3.5

v2.3.5-draft.0

v2.3.6

v2.3.6-draft.0

v2.3.7

v2.3.7-draft.0

v2.3.8

v2.3.8-draft.0

v2.3.9-draft.0

v2.3.9-draft.1

v2.3.9-draft.10

v2.3.9-draft.11

v2.3.9-draft.12

v2.3.9-draft.2

v2.3.9-draft.3

v2.3.9-draft.4

v2.3.9-draft.5

v2.3.9-draft.6

v2.3.9-draft.7

v2.3.9-draft.8

v2.3.9-draft.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1691.json"