CVE-2025-1693 — LOW (3.9) — White Hats Nepal

Q: How severe is CVE-2025-1693?

CVE-2025-1693 has been rated LOW with a CVSS base score of 3.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-1693?

Check the references section above for vendor advisories and patch information. Affected products include: Mongodb Mongosh.

Vulnerability Description

The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. This may result in the display of falsified messages that appear to originate from mongosh or the underlying operating system, potentially misleading users into executing unsafe actions. The vulnerability is exploitable only when mongosh is connected to a cluster that is partially or fully controlled by an attacker. This issue affects mongosh versions prior to 2.3.9

CVSS Score

3.9

LOW

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Mongodb	Mongosh	< 2.3.9

Related Weaknesses (CWE)

CWE-150

References

https://jira.mongodb.org/browse/MONGOSH-2026Issue TrackingVendor Advisory

FAQ

What is CVE-2025-1693?

CVE-2025-1693 is a vulnerability with a CVSS score of 3.9 (LOW). The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. This may resu...

How severe is CVE-2025-1693?

CVE-2025-1693 has been rated LOW with a CVSS base score of 3.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-1693?

Check the references section above for vendor advisories and patch information. Affected products include: Mongodb Mongosh.