Cyber Resilience

CVE-2025-1693

Low

Published: 27 February 2025

Modified: 22 September 2025
KEV Added
Patch
CVSS Score v3.1: 3.9 (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L)
EPSS Score: 0.0011 (29.3th percentile)
Risk Priority: 8 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-1693 is a low-severity Improper Neutralization of Escape, Meta, or Control Sequences (CWE-150) vulnerability in MongoDB mongosh. Its CVSS base score is 3.9 (Low).

Operationally, it ranks at the 29.3th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. This may result in the display of falsified messages that appear to originate from mongosh or the underlying operating system, potentially misleading users into executing unsafe actions. The vulnerability is exploitable only when mongosh is connected to a cluster that is partially or fully controlled by an attacker. This issue affects mongosh versions prior to 2.3.9.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

mongodb
mongosh
≤ 2.3.9

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References