{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-1756","assignerOrgId":"a39b4221-9bd0-4244-95fc-f3e2e07f1deb","state":"PUBLISHED","assignerShortName":"mongodb","dateReserved":"2025-02-27T13:02:02.998Z","datePublished":"2025-02-27T15:28:11.633Z","dateUpdated":"2025-02-27T16:06:31.860Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:mongodb:mongosh:0.2.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:0.3.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:0.4.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:0.4.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:0.5.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:0.5.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:0.6.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:0.7.7:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:0.8.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:0.8.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:0.8.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:0.9.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:0.10.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:0.10.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:0.11.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:0.12.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:0.12.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:0.13.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:0.14.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:0.15.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:0.15.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:0.15.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.0.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.0.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.0.5:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.0.6:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.0.7:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.1.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.1.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.1.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.1.5:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.1.6:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.1.7:*:*:*:*:*:*:*","c
pe:2.3:a:mongodb:mongosh:1.1.8:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.1.9:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.2.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.2.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.2.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.3.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.4.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.4.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.5.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.5.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.5.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.5.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.5.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.6.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.6.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.6.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.7.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.7.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.8.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.8.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.90:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.91:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.10.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.10.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.10.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.10.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.10.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.10.5:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:1.10.6:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:2.0.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:2.0.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:2.0.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:2.1.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:2.1.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:2.1.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:2.1.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:2.1.5:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:2.2.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:2.2.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:2.2.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:2.2.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:2.
2.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:2.2.5:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:2.2.6:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:2.2.9:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:2.2.10:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:2.2.11:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:2.2.12:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongosh:2.2.15:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"mongosh","vendor":"MongoDB Inc","versions":[{"lessThan":"2.3.0","status":"affected","version":"0","versionType":"custom"}]}],"configurations":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Only environments with Windows as the underlying operating system are affected by this issue</p><br>"}],"value":"Only environments with Windows as the underlying operating system are affected by this issue"}],"credits":[{"lang":"en","type":"finder","value":"T. Doğa Gelişli"}],"datePublic":"2025-02-27T13:15:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>mongosh may be susceptible to local privilege escalation under certain conditions, potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\\node_modules\\. This issue affects mongosh prior to 2.3.0</p>"}],"value":"mongosh may be susceptible to local privilege escalation under certain conditions, potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\\node_modules\\. 
This issue affects mongosh prior to 2.3.0"}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-426","description":"CWE-426: Untrusted Search Path","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"a39b4221-9bd0-4244-95fc-f3e2e07f1deb","shortName":"mongodb","dateUpdated":"2025-02-27T15:28:11.633Z"},"references":[{"url":"https://jira.mongodb.org/browse/MONGOSH-2028"}],"source":{"discovery":"EXTERNAL"},"title":"MongoDB Shell may be susceptible to local privilege escalation in Windows","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:1756","tags":["third-party-advisory"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-02-27T16:02:07.276063Z","id":"CVE-2025-1756","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-27T16:06:31.860Z"}}]}}