m
ongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. This issue affects mongosh prior to 2.3.0
References
| Link | Resource |
|---|---|
| https://jira.mongodb.org/browse/MONGOSH-2028 | Vendor Advisory Issue Tracking |
| https://access.redhat.com/errata/RHSA-2025:1756 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
09 Apr 2025, 14:07
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Redhat enterprise Linux For Arm 64
Redhat enterprise Linux For Arm 64 Eus Redhat enterprise Linux Update Services For Sap Solutions Redhat codeready Linux Builder For Arm64 Eus Redhat codeready Linux Builder Eus Redhat enterprise Linux For Power Little Endian Eus Mongodb mongosh Redhat codeready Linux Builder For Power Little Endian Eus Redhat Redhat codeready Linux Builder For Ibm Z Systems Eus Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux For Ibm Z Systems Eus Redhat enterprise Linux Eus Redhat enterprise Linux Server Aus Mongodb |
|
| Summary |
|
|
| References | () https://jira.mongodb.org/browse/MONGOSH-2028 - Vendor Advisory, Issue Tracking | |
| References | () https://access.redhat.com/errata/RHSA-2025:1756 - Third Party Advisory | |
| CPE | cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:* cpe:2.3:a:mongodb:mongosh:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:* |
27 Feb 2025, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-02-27 16:15
Updated : 2025-04-09 14:07
NVD link : CVE-2025-1756
Mitre link : CVE-2025-1756
CVE.ORG link : CVE-2025-1756
JSON object : View
Products Affected
- enterprise_linux_server_aus
- enterprise_linux_for_ibm_z_systems
- enterprise_linux_for_arm_64
- enterprise_linux_for_ibm_z_systems_eus
- enterprise_linux_for_power_little_endian_eus
- codeready_linux_builder_for_arm64_eus
- codeready_linux_builder_for_ibm_z_systems_eus
- codeready_linux_builder_eus
- enterprise_linux_for_arm_64_eus
- enterprise_linux_eus
- codeready_linux_builder_for_power_little_endian_eus
- enterprise_linux_update_services_for_sap_solutions
CWE
CWE-426
Untrusted Search Path