CVE-2025-1692

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-1692

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1692.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-1692

Aliases

GHSA-973h-3x6p-qg37

Published

2025-02-27T13:15:11.413Z

Modified

2026-04-10T05:25:53.792295Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could manipulate them to paste text into mongosh that evaluates arbitrary code. Control characters in the pasted text can be used to obfuscate malicious code. This issue affects mongosh versions prior to 2.3.9

References

https://jira.mongodb.org/browse/MONGOSH-2025

Affected packages

Git / github.com/mongodb-js/mongosh

Affected ranges

Type

GIT

Repo

https://github.com/mongodb-js/mongosh

Events

Introduced

Fixed

bfb783bc891cacfc1967c38e478eb360e4fc46f8

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.3.9"
        }
    ]
}

Affected versions

0.*

0.0.2

@mongosh/arg-parser@3.*

@mongosh/arg-parser@3.0.0

@mongosh/async-rewriter2@2.*

@mongosh/async-rewriter2@2.4.0

@mongosh/autocomplete@3.*

@mongosh/autocomplete@3.0.0

@mongosh/browser-repl@3.*

@mongosh/browser-repl@3.0.0

@mongosh/browser-runtime-core@3.*

@mongosh/browser-runtime-core@3.0.0

@mongosh/browser-runtime-electron@3.*

@mongosh/browser-runtime-electron@3.0.0

@mongosh/build@3.*

@mongosh/build@3.0.0

@mongosh/connectivity-tests@2.*

@mongosh/connectivity-tests@2.4.0

@mongosh/docker-build-scripts@3.*

@mongosh/docker-build-scripts@3.0.0

@mongosh/e2e-tests@3.*

@mongosh/e2e-tests@3.0.0

@mongosh/editor@3.*

@mongosh/editor@3.0.0

@mongosh/errors@2.*

@mongosh/errors@2.4.0

@mongosh/history@2.*

@mongosh/history@2.4.0

@mongosh/i18n@2.*

@mongosh/i18n@2.4.0

@mongosh/java-shell@2.*

@mongosh/java-shell@2.4.0

@mongosh/js-multiline-to-singleline@2.*

@mongosh/js-multiline-to-singleline@2.4.0

@mongosh/logging@3.*

@mongosh/logging@3.0.0

@mongosh/node-runtime-worker-thread@3.*

@mongosh/node-runtime-worker-thread@3.0.0

@mongosh/service-provider-core@3.*

@mongosh/service-provider-core@3.0.0

@mongosh/service-provider-node-driver@3.*

@mongosh/service-provider-node-driver@3.0.0

@mongosh/shell-api@3.*

@mongosh/shell-api@3.0.0

@mongosh/shell-evaluator@3.*

@mongosh/shell-evaluator@3.0.0

@mongosh/snippet-manager@3.*

@mongosh/snippet-manager@3.0.0

@mongosh/types@3.*

@mongosh/types@3.0.0

v0.*

v0.0.1

v0.0.1-alpha.0

v0.0.1-alpha.1

v0.0.1-alpha.10

v0.0.1-alpha.11

v0.0.1-alpha.12

v0.0.1-alpha.13

v0.0.1-alpha.15

v0.0.1-alpha.17

v0.0.1-alpha.18

v0.0.1-alpha.19

v0.0.1-alpha.2

v0.0.1-alpha.3

v0.0.1-alpha.4

v0.0.1-alpha.5

v0.0.1-alpha.6

v0.0.1-alpha.7

v0.0.1-alpha.8

v0.0.1-alpha.9

v0.0.2

v0.0.2-alpha.0

v0.0.3

v0.0.4

v0.0.5

v0.0.6

v0.0.7

v0.0.8

v0.1.0

v0.10.0

v0.10.0-draft.0

v0.10.1

v0.10.1-draft.0

v0.11.0

v0.11.0-draft.0

v0.11.0-draft.1

v0.11.0-draft.2

v0.12.0

v0.12.0-draft.0

v0.12.1

v0.12.1-draft.0

v0.13.0

v0.13.0-draft.0

v0.13.0-draft.1

v0.13.1

v0.13.1-draft.0

v0.13.2

v0.13.2-draft.0

v0.14.0

v0.14.0-draft.0

v0.14.1-draft.0

v0.15.0

v0.15.0-draft.0

v0.15.1

v0.15.1-draft.0

v0.15.2

v0.15.2-draft.0

v0.15.3

v0.15.3-draft.0

v0.15.3-draft.1

v0.15.4

v0.15.4-draft.0

v0.15.5

v0.15.5-draft.0

v0.15.6

v0.15.6-draft.0

v0.2.0

v0.2.1

v0.2.2

v0.3.0

v0.3.1

v0.4.0

v0.4.1

v0.4.2

v0.5.0

v0.5.1

v0.5.2

v0.6.0

v0.6.1

v0.7.0

v0.7.0-draft.1

v0.7.0-draft.2

v0.7.0-draft.3

v0.7.0-draft.4

v0.7.0-draft.5

v0.7.0-draft.6

v0.7.0-draft.7

v0.7.0-draft.8

v0.7.0-draft.9

v0.7.0-testrelease

v0.7.0-testrelease1

v0.7.0-testrelease2

v0.7.1

v0.7.1-draft.1

v0.7.2

v0.7.2-draft.1

v0.7.3

v0.7.4

v0.7.5

v0.7.6

v0.7.7

v0.8.0

v0.8.0-draft.0

v0.8.0-draft.1

v0.8.0-draft.10

v0.8.0-draft.11

v0.8.0-draft.2

v0.8.0-draft.3

v0.8.0-draft.4

v0.8.0-draft.5

v0.8.0-draft.6

v0.8.0-draft.7

v0.8.0-draft.8

v0.8.0-draft.9

v0.8.1

v0.8.1-draft.2

v0.8.1-draft.3

v0.8.2

v0.8.2-draft.0

v0.8.3

v0.8.3-draft.0

v0.8.3-draft.1

v0.8.3-draft.2

v0.8.3-draft.3

v0.8.3-draft.4

v0.9.0

v0.9.0-draft.0

v1.*

v1.0.0

v1.0.0-draft.0

v1.0.0-draft.1

v1.0.1

v1.0.1-draft.0

v1.0.2

v1.0.2-draft.0

v1.0.3

v1.0.3-draft.0

v1.0.4

v1.0.4-draft.0

v1.0.5

v1.0.5-draft.0

v1.0.6

v1.0.6-draft.0

v1.0.6-draft.1

v1.0.6-draft.2

v1.0.6-draft.3

v1.0.6-draft.4

v1.0.7

v1.0.7-draft.0

v1.1.0

v1.1.0-draft.0

v1.1.1

v1.1.1-draft.0

v1.1.2

v1.1.2-draft.0

v1.1.3

v1.1.3-draft.0

v1.1.4

v1.1.4-draft.0

v1.1.5

v1.1.5-draft.0

v1.1.5-draft.1

v1.1.6

v1.1.6-draft.0

v1.1.7

v1.1.7-draft.0

v1.1.7-draft.1

v1.1.8

v1.1.8-draft.0

v1.1.8-draft.1

v1.1.8-draft.2

v1.1.8-draft.3

v1.1.8-draft.4

v1.1.8-draft.5

v1.1.8-draft.6

v1.1.8-draft.7

v1.1.8-draft.8

v1.1.9

v1.1.9-draft.0

v1.1.9-draft.1

v1.10.0

v1.10.0-draft.0

v1.10.1

v1.10.1-draft.0

v1.10.2

v1.10.2-draft.0

v1.10.3

v1.10.3-draft.0

v1.10.4

v1.10.4-draft.0

v1.10.5

v1.10.5-draft.0

v1.10.5-draft.1

v1.10.6

v1.10.6-draft.0

v1.10.6-draft.1

v1.2.0

v1.2.0-draft.0

v1.2.1

v1.2.1-draft.0

v1.2.2

v1.2.2-draft.0

v1.2.2-draft.1

v1.2.3

v1.2.3-draft.0

v1.2.3-draft.1

v1.3.0

v1.3.0-draft.0

v1.3.1

v1.3.1-draft.0

v1.4.0

v1.4.0-draft.0

v1.4.1

v1.4.1-draft.0

v1.4.2

v1.4.2-draft.0

v1.5.0

v1.5.0-draft.0

v1.5.0-draft.1

v1.5.0-draft.2

v1.5.0-draft.3

v1.5.0-draft.4

v1.5.0-draft.5

v1.5.1

v1.5.1-draft.0

v1.5.1-draft.1

v1.5.1-draft.2

v1.5.2

v1.5.2-draft.0

v1.5.3

v1.5.3-draft.0

v1.5.4

v1.5.4-draft.0

v1.6.0

v1.6.0-draft.0

v1.6.1

v1.6.1-draft.0

v1.6.2

v1.6.2-draft.0

v1.7.0

v1.7.0-draft.0

v1.7.1

v1.7.1-draft.0

v1.8.0

v1.8.0-draft.0

v1.8.1

v1.8.1-draft.0

v1.8.2

v1.8.2-draft.0

v1.9.0

v1.9.0-draft.0

v1.9.1

v1.9.1-draft.0

v2.*

v2.0.0

v2.0.0-draft.0

v2.0.0-draft.1

v2.0.0-draft.2

v2.0.0-draft.3

v2.0.0-draft.4

v2.0.1

v2.0.1-draft.0

v2.0.2

v2.0.2-draft.0

v2.1.0

v2.1.0-draft.0

v2.1.0-draft.1

v2.1.1

v2.1.1-draft.0

v2.1.2

v2.1.2-draft.2

v2.1.3

v2.1.3-draft.0

v2.1.3-draft.1

v2.1.3-draft.2

v2.1.3-draft.3

v2.1.4

v2.1.4-draft.0

v2.1.5

v2.1.5-draft.0

v2.1.5-draft.1

v2.1.5-draft.2

v2.2.0

v2.2.0-draft.0

v2.2.0-draft.1

v2.2.1

v2.2.1-draft.0

v2.2.1-draft.1

v2.2.10

v2.2.10-draft.0

v2.2.11

v2.2.11-draft.0

v2.2.11-draft.1

v2.2.12

v2.2.12-draft.0

v2.2.12-draft.1

v2.2.13

v2.2.13-draft.0

v2.2.13-draft.1

v2.2.14

v2.2.14-draft.0

v2.2.15

v2.2.15-draft.0

v2.2.2

v2.2.2-draft.0

v2.2.3

v2.2.3-draft.0

v2.2.4

v2.2.4-draft.0

v2.2.4-draft.1

v2.2.4-draft.2

v2.2.4-draft.3

v2.2.4-draft.4

v2.2.5

v2.2.5-draft.0

v2.2.6

v2.2.6-draft.0

v2.2.7

v2.2.7-draft.0

v2.2.8

v2.2.8-draft.0

v2.2.9

v2.2.9-draft.0

v2.3.0

v2.3.0-draft.0

v2.3.1

v2.3.1-draft.0

v2.3.2

v2.3.2-draft.0

v2.3.3

v2.3.3-draft.0

v2.3.4

v2.3.4-draft.0

v2.3.5

v2.3.5-draft.0

v2.3.6

v2.3.6-draft.0

v2.3.7

v2.3.7-draft.0

v2.3.8

v2.3.8-draft.0

v2.3.9-draft.0

v2.3.9-draft.1

v2.3.9-draft.10

v2.3.9-draft.11

v2.3.9-draft.12

v2.3.9-draft.2

v2.3.9-draft.3

v2.3.9-draft.4

v2.3.9-draft.5

v2.3.9-draft.6

v2.3.9-draft.7

v2.3.9-draft.8

v2.3.9-draft.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1692.json"