{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-1755","assignerOrgId":"a39b4221-9bd0-4244-95fc-f3e2e07f1deb","state":"PUBLISHED","assignerShortName":"mongodb","dateReserved":"2025-02-27T13:02:01.480Z","datePublished":"2025-02-27T15:24:07.174Z","dateUpdated":"2025-02-27T16:07:45.320Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:mongodb:compass:1.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.5:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.6:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.7:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.8:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.9:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.10:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.11:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.12:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.13:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.14:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.15:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.16:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.17:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.18:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.19:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.20:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.21:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.22:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.23:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.24.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.25.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.26.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.26.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.28.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.28.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.29.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.29.5:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.29.6:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.30.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.31.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.31.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.31.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.31.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.32.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.32.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.32.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.32.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.33.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.33.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.34.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.34.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.35.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.36.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.36.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.37.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.38.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.38.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.38.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.39.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.39.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.39.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.39.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.39.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.40.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.40.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.40.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.40.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.40.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.41.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:compass:1.42.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"MongoDB Compass","vendor":"MongoDB Inc","versions":[{"lessThan":"1.42.1","status":"affected","version":"0","versionType":"custom"}]}],"configurations":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<div><p>Only environments with Windows as the underlying operating system is affected by this issue</p></div>"}],"value":"Only environments with Windows as the underlying operating system is affected by this issue"}],"credits":[{"lang":"en","type":"finder","value":"T. Doğa Gelişli"}],"datePublic":"2025-02-27T13:08:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\\node_modules\\. This issue affects MongoDB Compass prior to 1.42.1</p>"}],"value":"MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\\node_modules\\. This issue affects MongoDB Compass prior to 1.42.1"}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-426","description":"CWE-426: Untrusted Search Path","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"a39b4221-9bd0-4244-95fc-f3e2e07f1deb","shortName":"mongodb","dateUpdated":"2025-02-27T15:24:07.174Z"},"references":[{"url":"https://jira.mongodb.org/browse/COMPASS-9058"}],"source":{"discovery":"EXTERNAL"},"title":"MongoDB Compass may be susceptible to local privilege escalation in Windows","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:1755.html","tags":["third-party-advisory"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-02-27T16:07:15.336525Z","id":"CVE-2025-1755","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-27T16:07:45.320Z"}}]}}