CVE-2025-1756

Опубликовано: 27 фев. 2025

Источник: nvd

CVSS3: 7.5

CVSS3: 7.8

EPSS Низкий

Описание

mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules. This issue affects mongosh prior to 2.3.0

Ссылки

https://jira.mongodb.org/browse/MONGOSH-2028
Issue Tracking
Vendor Advisory
https://access.redhat.com/errata/RHSA-2025:1756
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mongodb:mongosh:*:*:*:*:*:*:*:*

Версия до 2.3.0 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:*:*:*:*:*:*:*

cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:*:*:*:*:*:*:*

cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*

cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*

cpe:2.3:a:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*

EPSS

Процентиль: 7%

0.00027

Низкий

7.5 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-426

Связанные уязвимости

GHSA-f5w3-73h4-jpcm

CVSS3: 7.5

github

12 месяцев назад

mongosh vulnerable to local privilege escalation

EPSS

Процентиль: 7%

0.00027

Низкий

7.5 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-426