Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-1692

The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could manipulate them to paste text into mongosh that evaluates arbitrary code. Control characters in the pasted text can be used to obfuscate malicious code. This issue affects mongosh versions prior to 2.3.9

Published

2025-02-27T13:15:11.413

Last Modified

2025-09-22T16:40:56.037

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-150

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mongodb	mongosh	< 2.3.9	Yes

References

https://jira.mongodb.org/browse/MONGOSH-2025 Issue Tracking, Vendor Advisory ([email protected])