CVE-2025-1755

🗓️ 27 Feb 2025 15:24:07Reported by mongodbType

MongoDB Compass local privilege escalation risk due to crafted file in C:\node_modules\.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-1755	27 Feb 202516:26	–	circl
CNNVD	MongoDB Compass 代码问题漏洞	27 Feb 202500:00	–	cnnvd
Cvelist	CVE-2025-1755 MongoDB Compass may be susceptible to local privilege escalation in Windows	27 Feb 202515:24	–	cvelist
EUVD	EUVD-2025-5457	3 Oct 202520:07	–	euvd
MongoDB	MongoDB Compass may be susceptible to local privilege escalation in Windows	27 Feb 202513:08	–	mongodb
NVD	CVE-2025-1755	27 Feb 202516:15	–	nvd
OSV	CVE-2025-1755	27 Feb 202516:15	–	osv
Positive Technologies	PT-2025-8960 · Mongodb · Mongodb Compass	27 Feb 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-1755	1 Mar 202516:22	–	redhatcve
Vulnrichment	CVE-2025-1755 MongoDB Compass may be susceptible to local privilege escalation in Windows	27 Feb 202515:24	–	vulnrichment

NVD

Node

mongodb compassRange<1.42.1

AND

microsoft windowsMatch-

Node

redhat enterprise_linux_for_arm_64Match9.0_aarch64

redhat enterprise_linux_for_ibm_z_systemsMatch9.0_s390x

redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch9.0_ppc64le

redhat enterprise_linux_update_services_for_sap_solutionsMatch9.0

[
  {
    "cpes": [
      "cpe:2.3:a:mongodb:compass:1.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.5:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.6:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.7:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.8:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.9:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.10:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.11:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.12:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.13:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.14:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.15:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.16:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.17:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.18:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.19:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.20:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.21:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.22:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.23:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.24.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.25.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.26.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.26.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.28.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.28.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.29.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.29.5:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.29.6:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.30.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.31.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.31.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.31.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.31.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.32.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.32.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.32.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.32.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.33.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.33.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.34.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.34.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.35.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.36.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.36.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.37.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.38.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.38.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.38.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.39.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.39.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.39.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.39.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.39.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.40.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.40.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.40.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.40.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.40.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.41.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:compass:1.42.0:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "MongoDB Compass",
    "vendor": "MongoDB Inc",
    "versions": [
      {
        "lessThan": "1.42.1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
jira	www.jira.mongodb.org/browse/COMPASS-9058
access	www.access.redhat.com/errata/RHSA-2025:1755.html

17 Jun 2026 08:39Current

7.5High risk

Vulners AI Score7.5

CVSS 3.17.5 - 7.8

EPSS0.00134

SSVC

CWE-426