CVE-2025-1692
Published: 27 February 2025
Summary
CVE-2025-1692 is a medium-severity Improper Neutralization of Escape, Meta, or Control Sequences (CWE-150) vulnerability in Mongodb Mongosh. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious Copy and Paste (T1204.004); ranked at the 34.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Timely flaw remediation requires upgrading mongosh to version 2.3.9 or later, directly eliminating the control character injection vulnerability.
Information input validation neutralizes control characters in pasted clipboard content, preventing arbitrary code execution in the MongoDB Shell.
Information input restrictions block unauthorized control characters in mongosh inputs, reducing the risk of obfuscated malicious code from clipboard paste.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability enables code execution specifically via malicious clipboard paste into interactive shell, mapping directly to T1204.004 Malicious Copy and Paste.
NVD Description
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could manipulate them to paste text into mongosh that evaluates arbitrary code. Control characters in the pasted text can be used…
more
to obfuscate malicious code. This issue affects mongosh versions prior to 2.3.9
Deeper analysisAI
CVE-2025-1692 is a control character injection vulnerability in the MongoDB Shell, specifically affecting mongosh versions prior to 2.3.9. The flaw enables an attacker with control of the user's clipboard to manipulate them into pasting obfuscated text that evaluates arbitrary code. Control characters in the pasted content bypass normal input handling, leading to code execution within the shell.
Exploitation requires local access, high attack complexity, elevated privileges, and user interaction, as indicated by the CVSS 3.1 vector AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H (score 6.3). An attacker must first compromise the clipboard—such as through a malicious application or social engineering—and trick a privileged user into pasting the content into mongosh. Successful exploitation grants arbitrary code execution with high impacts on confidentiality, integrity, and availability.
The vulnerability is documented in MongoDB's JIRA ticket at https://jira.mongodb.org/browse/MONGOSH-2025 and is associated with CWE-150 (Improper Neutralization of Control Characters). Mitigation involves upgrading to mongosh version 2.3.9 or later, which addresses the control character handling issue.
Details
- CWE(s)