CVE-2025-1755

MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules. This issue affects MongoDB Compass prior to 1.42.1

Published: Feb 27, 2025
Updated: May 4, 2025
CVE: CVE-2025-1755
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-426

Affected Software
References

Software	From	Fixed in
mongodb / compass	-	1.42.1
redhat / enterprise_linux_for_arm_64	9.0_aarch64	9.0_aarch64.x
redhat / enterprise_linux_for_ibm_z_systems	9.0_s390x	9.0_s390x.x
redhat / enterprise_linux_update_services_for_sap_solutions	9.0	9.0.x
redhat / enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.0_ppc64le	9.0_ppc64le.x

https://access.redhat.com/errata/RHSA-2025:1755.html
https://jira.mongodb.org/browse/COMPASS-9058

Vulnerability Database

289,599

CVE-2025-1755