CVE-2025-1756
Published: 27 February 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-1756 is a local privilege escalation vulnerability in mongosh, affecting versions prior to 2.3.0. The flaw occurs under certain conditions when a crafted file is stored in C:\node_modules\, potentially enabling unauthorized actions on a user's system with elevated privileges. It is linked to CWE-426 (Untrusted Search Path) and carries a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H), which indicates high severity: local access, high attack complexity, low privileges required, and user interaction required.
A local attacker with low privileges can exploit this vulnerability by placing a crafted file in the C:\node_modules\ directory. Exploitation demands high attack complexity and relies on user interaction, likely involving the execution of mongosh in an environment that loads the malicious file via an untrusted search path. Upon success, the attacker achieves privilege escalation, resulting in high impacts to confidentiality, integrity, and availability across the system's scope.
MongoDB's advisory at https://jira.mongodb.org/browse/MONGOSH-2028 and Red Hat's errata at https://access.redhat.com/errata/RHSA-2025:1756 detail the issue. Mitigation requires upgrading to mongosh 2.3.0 or later, which addresses the vulnerability.
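A host triage check built from the two facts above (fixed in 2.3.0; crafted file under C:\node_modules\), as an added example that is not MongoDB's code or part of the advisory. The function names, the status strings and the choice to treat a 2.3.0 pre-release as affected are assumptions of this example; the mongosh version is passed in from software inventory so that mongosh itself is never launched on a host that may be exposed.

```javascript
// Added example (not MongoDB's code): triage one host for CVE-2025-1756.
const FIXED = [2, 3, 0];                 // first fixed mongosh release, per the advisory
const SEARCH_DIR = 'C:\\node_modules';   // directory named in the CVE description

// Parse "2.2.15", "v2.3.0" or "2.3.0-rc.1"; returns null when the text is not a version.
function parseVersion(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(text).trim());
  return m ? { nums: m.slice(1, 4).map(Number), pre: Boolean(m[4]) } : null;
}

// true = prior to 2.3.0, false = 2.3.0 or later, null = cannot tell.
function isAffected(text) {
  const v = parseVersion(text);
  if (!v) return null;
  for (let i = 0; i < 3; i++) {
    if (v.nums[i] !== FIXED[i]) return v.nums[i] < FIXED[i];
  }
  return v.pre; // assumption: a 2.3.0 pre-release sorts before 2.3.0, so flag it
}

// dir = { exists: boolean, entries: string[] } describing SEARCH_DIR on the host.
function assess(versionText, dir) {
  const affected = isAffected(versionText);
  if (affected === null) return { status: 'unknown', action: 'identify the installed mongosh version' };
  if (!affected) return { status: 'fixed', action: 'none' };
  if (dir.exists) {
    return { status: 'affected-dir-present',
             action: `upgrade mongosh; review ${dir.entries.length} entries in ${SEARCH_DIR}` };
  }
  return { status: 'affected', action: 'upgrade mongosh to 2.3.0 or later' };
}

// Read the directory state through an fs-like object (node's fs in real use).
function inspectDir(fs, dirPath = SEARCH_DIR) {
  if (!fs.existsSync(dirPath)) return { exists: false, entries: [] };
  return { exists: true, entries: fs.readdirSync(dirPath) };
}

// Stand-alone use: node triage.js <mongosh-version-from-inventory>
if (typeof require === 'function' && typeof module !== 'undefined' && require.main === module) {
  const version = process.argv[2] || '';
  console.log(JSON.stringify(assess(version, inspectDir(require('fs'))), null, 2));
}
```

A result of `affected-dir-present` means the host runs a version prior to 2.3.0 and the directory already exists, so its contents and their owners are worth reviewing alongside the upgrade.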
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2025-1756 enables local privilege escalation in mongosh via a crafted file in C:\node_modules\, facilitating exploitation for privilege escalation.