{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "9.4" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "9.4_aarch64" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "9.4_s390x" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "9.4_ppc64le" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "9.4" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "9.4" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "9.4_aarch64" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "9.4_aarch64" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "9.4_s390x" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "9.4_s390x" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "9.4_ppc64le" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "9.4" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "2.3.0" } ] }, "events": [ { "introduced": "0" }, { "fixed": "2013159f06f902b4e9a2060df411c6b5646d49d4" } ], "repo": "https://github.com/mongodb-js/mongosh", "type": "GIT" } ] } ], "details": "mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\\node_modules\\. This issue affects mongosh prior to 2.3.0", "id": "CVE-2025-1756", "modified": "2026-03-10T21:50:05.365127892Z", "published": "2025-02-27T16:15:39.287Z", "references": [ { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2025:1756" }, { "type": "REPORT", "url": "https://jira.mongodb.org/browse/MONGOSH-2028" } ], "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }