Cyber Resilience

CVE-2025-1692

Severity: Medium
Published: 27 February 2025
Modified: 22 September 2025
KEV Added: none (not listed in the CISA KEV catalog)
Patch: upgrade to mongosh 2.3.9 or later
CVSS Score (v3.1): 6.3, vector CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
EPSS Score: 0.0015 (35.1th percentile)
Risk Priority: 13 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-1692 is a medium-severity Improper Neutralization of Escape, Meta, or Control Sequences (CWE-150) vulnerability in MongoDB mongosh (the MongoDB Shell). Its CVSS v3.1 base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious Copy and Paste (T1204.004). EPSS ranks it at the 35.1th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST SP 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-1692 is a control character injection vulnerability in the MongoDB Shell, affecting mongosh versions prior to 2.3.9. An attacker who controls the contents of the user's clipboard can lead the user to paste obfuscated text that the shell then evaluates as arbitrary code. Control characters in the pasted content bypass the shell's normal input handling, so what the user sees on screen can differ from what mongosh evaluates, resulting in code execution within the shell.

Exploitation requires local access, high attack complexity, elevated privileges, and user interaction, as indicated by the CVSS 3.1 vector AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H (score 6.3). An attacker must first compromise the clipboard, for example through a malicious application or social engineering, and then get a privileged user to paste the content into mongosh. Successful exploitation grants arbitrary code execution with high impact on confidentiality, integrity, and availability.

The vulnerability is documented in MongoDB's JIRA ticket at https://jira.mongodb.org/browse/MONGOSH-2025 and is classified as CWE-150 (Improper Neutralization of Escape, Meta, or Control Sequences). Mitigation consists of upgrading to mongosh version 2.3.9 or later, which corrects the control character handling.
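The following is an added illustration of the input-validation control described on this page; it is not mongosh's own code and not the fix shipped in 2.3.9. It shows what a pre-evaluation check for pasted text can look like: scan the string for terminal control sequences, C0/C1 control bytes and Unicode format characters (zero-width and bidirectional overrides), render any that are found as visible escapes, and refuse evaluation while they are present. The function names (inspectPaste, visible, shouldEvaluate) and the two sample strings are constructed for this example.

```javascript
// Added example (not mongosh's code): detect hidden control and formatting
// characters in pasted input before it reaches the evaluator.

// Character classes that are invisible or that change how a terminal renders
// text, so the on-screen view can differ from what would be evaluated.
const CSI = /\x1B\[[0-?]*[ -\/]*[@-~]/g;                          // ANSI CSI sequences: cursor moves, erase line, colour
const C0 = /[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g;                   // C0 controls except \t \n \r, plus DEL
const C1 = /[\x80-\x9F]/g;                                        // C1 controls
const FORMAT = /[\u200B-\u200F\u202A-\u202E\u2066-\u2069\uFEFF]/g; // zero-width chars, bidi overrides, BOM

function codePointLabel(ch) {
  return 'U+' + ch.codePointAt(0).toString(16).toUpperCase().padStart(4, '0');
}

// Scan `text` and return every control or format character with its position.
function inspectPaste(text) {
  const findings = [];
  const escapeSpans = [];
  // Match CSI sequences as whole units first so their ESC byte is reported once.
  for (const m of text.matchAll(CSI)) {
    escapeSpans.push([m.index, m.index + m[0].length]);
    findings.push({ kind: 'ansi-escape', index: m.index, detail: JSON.stringify(m[0]) });
  }
  const insideEscape = (i) => escapeSpans.some(([s, e]) => i >= s && i < e);
  for (const [kind, re] of [['c0-control', C0], ['c1-control', C1], ['format-char', FORMAT]]) {
    for (const m of text.matchAll(re)) {
      if (insideEscape(m.index)) continue; // already covered by an ansi-escape finding
      findings.push({ kind, index: m.index, detail: codePointLabel(m[0]) });
    }
  }
  findings.sort((a, b) => a.index - b.index);
  return { safe: findings.length === 0, findings };
}

// Render the text so that every hidden character appears as a literal escape,
// giving the user an honest view of what they are about to evaluate.
function visible(text) {
  return text.replace(
    /[\x00-\x08\x0B\x0C\x0E-\x1F\x7F-\x9F\u200B-\u200F\u202A-\u202E\u2066-\u2069\uFEFF]/g,
    (ch) => '\\u{' + ch.codePointAt(0).toString(16).toUpperCase() + '}'
  );
}

// Policy gate a paste handler could apply before handing text to the evaluator.
function shouldEvaluate(text) {
  return inspectPaste(text).safe;
}

// Constructed sample inputs (not real payloads): a clean query, and the same
// query followed by an erase-line escape and a right-to-left override that a
// terminal honouring them would use to keep the trailing text out of view.
const SAMPLE_CLEAN = 'db.users.find({ active: true })';
const SAMPLE_HIDDEN = SAMPLE_CLEAN + '\x1B[2K\r' + '\u202E' + '// text a reader would not see';

for (const s of [SAMPLE_CLEAN, SAMPLE_HIDDEN]) {
  const r = inspectPaste(s);
  console.log(r.safe ? 'OK     ' : 'REJECT ', visible(s), r.findings);
}
```

The check is deliberately conservative: tab, newline and carriage return are allowed because multi-line pastes are normal, but every other C0/C1 byte, any CSI sequence and any bidi or zero-width format character is reported, since none of them has a legitimate place in shell input that the user intends to evaluate.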

EU & UK References

Vulnerability details

The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user's clipboard could manipulate them to paste text into mongosh that evaluates arbitrary code. Control characters in the pasted text can be used to obfuscate malicious code. This issue affects mongosh versions prior to 2.3.9.

CWE(s)

CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences

Related Threats

MITRE ATT&CK Enterprise Techniques

T1204.004 Malicious Copy and Paste (tactic: Execution)
An adversary may rely upon a user copying and pasting code in order to gain execution.
Why these techniques?

The vulnerability yields code execution specifically through a malicious clipboard paste into an interactive shell, which maps directly to T1204.004 Malicious Copy and Paste.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-1691: same product (Mongodb Mongosh)
CVE-2026-1847: same vendor (Mongodb)
CVE-2025-14847: same vendor (Mongodb)
CVE-2025-0755: same vendor (Mongodb)
CVE-2026-1848: same vendor (Mongodb)
CVE-2026-8053: same vendor (Mongodb)
CVE-2026-1850: same vendor (Mongodb)
CVE-2026-8336: same vendor (Mongodb)
CVE-2026-4358: same vendor (Mongodb)
CVE-2026-1849: same vendor (Mongodb)

Affected Assets

Vendor: mongodb
Product: mongosh
Versions: ≤ 2.3.9

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-2 (Flaw Remediation). Timely flaw remediation requires upgrading mongosh to version 2.3.9 or later, directly eliminating the control character injection vulnerability.

Prevent: SI-10 (Information Input Validation). Information input validation neutralizes control characters in pasted clipboard content, preventing arbitrary code execution in the MongoDB Shell.

Prevent: Information input restrictions block unauthorized control characters in mongosh inputs, reducing the risk of obfuscated malicious code from clipboard paste.

References

https://jira.mongodb.org/browse/MONGOSH-2025 (MongoDB JIRA ticket for this issue)