CVE-2025-1756

Source
https://cve.org/CVERecord?id=CVE-2025-1756
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1756.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-1756
Aliases
Published
2025-02-27T15:28:11.633Z
Modified
2026-07-15T01:48:57.591729952Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
Summary
MongoDB Shell may be susceptible to local privilege escalation in Windows
Details

mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules. This issue affects mongosh prior to 2.3.0

Database specific
{
    "cwe_ids": [
        "CWE-426"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/1xxx/CVE-2025-1756.json",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "fixed": "2.3.0"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "mongodb"
}
References

Affected packages

Git / github.com/mongodb-js/mongosh

Affected ranges

Type
GIT
Repo
https://github.com/mongodb-js/mongosh
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:mongodb:mongosh:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.3.0"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

0.*
0.0.2
v0.*
v0.0.1
v0.0.1-alpha.0
v0.0.1-alpha.1
v0.0.1-alpha.10
v0.0.1-alpha.11
v0.0.1-alpha.12
v0.0.1-alpha.13
v0.0.1-alpha.15
v0.0.1-alpha.17
v0.0.1-alpha.18
v0.0.1-alpha.19
v0.0.1-alpha.2
v0.0.1-alpha.3
v0.0.1-alpha.4
v0.0.1-alpha.5
v0.0.1-alpha.6
v0.0.1-alpha.7
v0.0.1-alpha.8
v0.0.1-alpha.9
v0.0.2
v0.0.2-alpha.0
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.0.7
v0.0.8
v0.1.0
v0.10.0
v0.10.0-draft.0
v0.10.1
v0.10.1-draft.0
v0.11.0
v0.11.0-draft.0
v0.11.0-draft.1
v0.11.0-draft.2
v0.12.0
v0.12.0-draft.0
v0.12.1
v0.12.1-draft.0
v0.13.0
v0.13.0-draft.0
v0.13.0-draft.1
v0.13.1
v0.13.1-draft.0
v0.13.2
v0.13.2-draft.0
v0.14.0
v0.14.0-draft.0
v0.14.1-draft.0
v0.15.0
v0.15.0-draft.0
v0.15.1
v0.15.1-draft.0
v0.15.2
v0.15.2-draft.0
v0.15.3
v0.15.3-draft.0
v0.15.3-draft.1
v0.15.4
v0.15.4-draft.0
v0.15.5
v0.15.5-draft.0
v0.15.6
v0.15.6-draft.0
v0.2.0
v0.2.1
v0.2.2
v0.3.0
v0.3.1
v0.4.0
v0.4.1
v0.4.2
v0.5.0
v0.5.1
v0.5.2
v0.6.0
v0.6.1
v0.7.0
v0.7.0-draft.1
v0.7.0-draft.2
v0.7.0-draft.3
v0.7.0-draft.4
v0.7.0-draft.5
v0.7.0-draft.6
v0.7.0-draft.7
v0.7.0-draft.8
v0.7.0-draft.9
v0.7.0-testrelease
v0.7.0-testrelease1
v0.7.0-testrelease2
v0.7.1
v0.7.1-draft.1
v0.7.2
v0.7.2-draft.1
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.7.7
v0.8.0
v0.8.0-draft.0
v0.8.0-draft.1
v0.8.0-draft.10
v0.8.0-draft.11
v0.8.0-draft.2
v0.8.0-draft.3
v0.8.0-draft.4
v0.8.0-draft.5
v0.8.0-draft.6
v0.8.0-draft.7
v0.8.0-draft.8
v0.8.0-draft.9
v0.8.1
v0.8.1-draft.2
v0.8.1-draft.3
v0.8.2
v0.8.2-draft.0
v0.8.3
v0.8.3-draft.0
v0.8.3-draft.1
v0.8.3-draft.2
v0.8.3-draft.3
v0.8.3-draft.4
v0.9.0
v0.9.0-draft.0
v1.*
v1.0.0
v1.0.0-draft.0
v1.0.0-draft.1
v1.0.1
v1.0.1-draft.0
v1.0.2
v1.0.2-draft.0
v1.0.3
v1.0.3-draft.0
v1.0.4
v1.0.4-draft.0
v1.0.5
v1.0.5-draft.0
v1.0.6
v1.0.6-draft.0
v1.0.6-draft.1
v1.0.6-draft.2
v1.0.6-draft.3
v1.0.6-draft.4
v1.0.7
v1.0.7-draft.0
v1.1.0
v1.1.0-draft.0
v1.1.1
v1.1.1-draft.0
v1.1.2
v1.1.2-draft.0
v1.1.3
v1.1.3-draft.0
v1.1.4
v1.1.4-draft.0
v1.1.5
v1.1.5-draft.0
v1.1.5-draft.1
v1.1.6
v1.1.6-draft.0
v1.1.7
v1.1.7-draft.0
v1.1.7-draft.1
v1.1.8
v1.1.8-draft.0
v1.1.8-draft.1
v1.1.8-draft.2
v1.1.8-draft.3
v1.1.8-draft.4
v1.1.8-draft.5
v1.1.8-draft.6
v1.1.8-draft.7
v1.1.8-draft.8
v1.1.9
v1.1.9-draft.0
v1.1.9-draft.1
v1.10.0
v1.10.0-draft.0
v1.10.1
v1.10.1-draft.0
v1.10.2
v1.10.2-draft.0
v1.10.3
v1.10.3-draft.0
v1.10.4
v1.10.4-draft.0
v1.10.5
v1.10.5-draft.0
v1.10.5-draft.1
v1.10.6
v1.10.6-draft.0
v1.10.6-draft.1
v1.2.0
v1.2.0-draft.0
v1.2.1
v1.2.1-draft.0
v1.2.2
v1.2.2-draft.0
v1.2.2-draft.1
v1.2.3
v1.2.3-draft.0
v1.2.3-draft.1
v1.3.0
v1.3.0-draft.0
v1.3.1
v1.3.1-draft.0
v1.4.0
v1.4.0-draft.0
v1.4.1
v1.4.1-draft.0
v1.4.2
v1.4.2-draft.0
v1.5.0
v1.5.0-draft.0
v1.5.0-draft.1
v1.5.0-draft.2
v1.5.0-draft.3
v1.5.0-draft.4
v1.5.0-draft.5
v1.5.1
v1.5.1-draft.0
v1.5.1-draft.1
v1.5.1-draft.2
v1.5.2
v1.5.2-draft.0
v1.5.3
v1.5.3-draft.0
v1.5.4
v1.5.4-draft.0
v1.6.0
v1.6.0-draft.0
v1.6.1
v1.6.1-draft.0
v1.6.2
v1.6.2-draft.0
v1.7.0
v1.7.0-draft.0
v1.7.1
v1.7.1-draft.0
v1.8.0
v1.8.0-draft.0
v1.8.1
v1.8.1-draft.0
v1.8.2
v1.8.2-draft.0
v1.9.0
v1.9.0-draft.0
v1.9.1
v1.9.1-draft.0
v2.*
v2.0.0
v2.0.0-draft.0
v2.0.0-draft.1
v2.0.0-draft.2
v2.0.0-draft.3
v2.0.0-draft.4
v2.0.1
v2.0.1-draft.0
v2.0.2
v2.0.2-draft.0
v2.1.0
v2.1.0-draft.0
v2.1.0-draft.1
v2.1.1
v2.1.1-draft.0
v2.1.2
v2.1.2-draft.2
v2.1.3
v2.1.3-draft.0
v2.1.3-draft.1
v2.1.3-draft.2
v2.1.3-draft.3
v2.1.4
v2.1.4-draft.0
v2.1.5
v2.1.5-draft.0
v2.1.5-draft.1
v2.1.5-draft.2
v2.2.0
v2.2.0-draft.0
v2.2.0-draft.1
v2.2.1
v2.2.1-draft.0
v2.2.1-draft.1
v2.2.10
v2.2.10-draft.0
v2.2.11
v2.2.11-draft.0
v2.2.11-draft.1
v2.2.12
v2.2.12-draft.0
v2.2.12-draft.1
v2.2.13
v2.2.13-draft.0
v2.2.13-draft.1
v2.2.14
v2.2.14-draft.0
v2.2.15
v2.2.15-draft.0
v2.2.2
v2.2.2-draft.0
v2.2.3
v2.2.3-draft.0
v2.2.4
v2.2.4-draft.0
v2.2.4-draft.1
v2.2.4-draft.2
v2.2.4-draft.3
v2.2.4-draft.4
v2.2.5
v2.2.5-draft.0
v2.2.6
v2.2.6-draft.0
v2.2.7
v2.2.7-draft.0
v2.2.8
v2.2.8-draft.0
v2.2.9
v2.2.9-draft.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1756.json"