CVE-2025-1756

moderate-risk

Published 2025-02-27

mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. This issue affects mongosh prior to 2.3.0

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

LOCAL / HIGH complexity

Affected Products (13)

Mongosh

Codeready Linux Builder Eus

Codeready Linux Builder For Arm64 Eus

Codeready Linux Builder For Ibm Z Systems Eus

Codeready Linux Builder For Power Little Endian Eus

Enterprise Linux Update Services For Sap Solutions

Enterprise Linux Eus

Enterprise Linux For Arm 64

Enterprise Linux For Arm 64 Eus

Enterprise Linux For Ibm Z Systems

Enterprise Linux For Ibm Z Systems Eus

Enterprise Linux For Power Little Endian Eus

Enterprise Linux Server Aus

Affected Vendors

Redhat Mongodb

References (2)

Issue Tracking https://jira.mongodb.org/browse/MONGOSH-2028

Third Party Advisory https://access.redhat.com/errata/RHSA-2025:1756

/ 100

moderate-risk

Severity 20/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 17/34 · Moderate