CVE-2025-1756
HIGHDescription
mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. This issue affects mongosh prior to 2.3.0
Is your site exposed to CVE-2025-1756?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| mongodb | mongosh |
| redhat | codeready_linux_builder_eus |
| redhat | codeready_linux_builder_for_arm64_eus |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus |
| redhat | codeready_linux_builder_for_power_little_endian_eus |
| redhat | enterprise_linux_update_services_for_sap_solutions |
| redhat | enterprise_linux_eus |
| redhat | enterprise_linux_for_arm_64 |
| redhat | enterprise_linux_for_arm_64_eus |
| redhat | enterprise_linux_for_ibm_z_systems |
| redhat | enterprise_linux_for_ibm_z_systems_eus |
| redhat | enterprise_linux_for_power_little_endian_eus |
| redhat | enterprise_linux_server_aus |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2025-1756? +
How severe is CVE-2025-1756? +
What products are affected by CVE-2025-1756? +
How do I check if I'm vulnerable to CVE-2025-1756? +
Related Vulnerabilities
There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file …
Rufus is a utility that helps format and create bootable USB flash drives. A DLL hijacking vulnerability in Rufus 4.6.2208 …
Broadcom Automic Automation Agent Unix versions < 24.3.0 HF4 and < 21.0.13 HF1 allow low privileged users who have execution …
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on enables a locally authenticated non administrative user …
In Seagate Toolkit on Windows a vulnerability exists in the Toolkit Installer prior to versions 2.35.0.6 where it attempts to …
Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM),Quality Center allows Code Inclusion. The vulnerability allows a user to …