Vulnerability Description
MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects MongoDB Compass prior to 1.42.1
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mongodb | Compass | < 1.42.1 |
| Microsoft | Windows | - |
| Redhat | Enterprise Linux For Arm 64 | 9.0_aarch64 |
| Redhat | Enterprise Linux For Ibm Z Systems | 9.0_s390x |
| Redhat | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | 9.0_ppc64le |
| Redhat | Enterprise Linux Update Services For Sap Solutions | 9.0 |
Related Weaknesses (CWE)
References
- https://jira.mongodb.org/browse/COMPASS-9058Issue TrackingVendor Advisory
- https://access.redhat.com/errata/RHSA-2025:1755.htmlThird Party Advisory
FAQ
What is CVE-2025-1755?
CVE-2025-1755 is a vulnerability with a CVSS score of 7.5 (HIGH). MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is ...
How severe is CVE-2025-1755?
CVE-2025-1755 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-1755?
Check the references section above for vendor advisories and patch information. Affected products include: Mongodb Compass, Microsoft Windows, Redhat Enterprise Linux For Arm 64, Redhat Enterprise Linux For Ibm Z Systems, Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions.