CVE-2025-1755

Опубликовано: 27 фев. 2025

Источник: nvd

CVSS3: 7.5

CVSS3: 7.8

EPSS Низкий

Описание

MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules. This issue affects MongoDB Compass prior to 1.42.1

Ссылки

https://jira.mongodb.org/browse/COMPASS-9058
Vendor Advisory
Issue Tracking
https://access.redhat.com/errata/RHSA-2025:1755.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:mongodb:compass:*:*:*:*:*:*:*:*

Версия до 1.42.1 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0_ppc64le:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 2%

0.00015

Низкий

7.5 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-426

Связанные уязвимости

GHSA-25hc-2p68-qc2g

CVSS3: 7.5

github

6 месяцев назад

MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects MongoDB Compass prior to 1.42.1

EPSS

Процентиль: 2%

0.00015

Низкий

7.5 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-426