Local Privilege Escalation Vulnerability in MongoDB Compass by MongoDB
CVE-2025-1755

7.8HIGH

Key Information:

Vendor: MongoDB
Status: Mongodb Compass
Vendor: CVE Published:; 27 February 2025

Summary

MongoDB Compass is vulnerable to local privilege escalation under specific conditions, allowing unauthorized users to perform actions on a system with elevated privileges. This issue arises when a maliciously crafted file is placed within the C:\node_modules\ directory. Affected users running versions of MongoDB Compass earlier than 1.42.1 should prioritize upgrading their software to mitigate potential risks associated with this vulnerability.

Affected Version(s)

MongoDB Compass 0 < 1.42.1

References

https://jira.mongodb.org/browse/COMPASS-9058

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Feb 27, 2025

Credit

T. Doğa Gelişli