Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-1755

MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects MongoDB Compass prior to 1.42.1

Published

2025-02-27T16:15:39.137

Last Modified

2025-04-09T14:07:43.140

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-426
  • Type: Primary
    CWE-426
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application mongodb compass < 1.42.1 Yes
Operating System microsoft windows - No
Operating System redhat enterprise_linux_for_arm_64 9.0_aarch64 Yes
Operating System redhat enterprise_linux_for_ibm_z_systems 9.0_s390x Yes
Operating System redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.0_ppc64le Yes
Operating System redhat enterprise_linux_update_services_for_sap_solutions 9.0 Yes
References