Local Privilege Escalation Vulnerability in MongoDB Compass by MongoDB
CVE-2025-1755

7.5HIGH

Key Information:

Vendor: MongoDB
Status: Mongodb Compass
Vendor: CVE Published:; 27 February 2025

Summary

MongoDB Compass is vulnerable to local privilege escalation under specific conditions, allowing unauthorized users to perform actions on a system with elevated privileges. This issue arises when a maliciously crafted file is placed within the C:\node_modules\ directory. Affected users running versions of MongoDB Compass earlier than 1.42.1 should prioritize upgrading their software to mitigate potential risks associated with this vulnerability.

Affected Version(s)

MongoDB Compass 0 < 1.42.1

References

https://jira.mongodb.org/browse/COMPASS-9058

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Feb 27, 2025

Credit

T. Doğa Gelişli