CVE-2025-1755
Published: 27 February 2025
Summary
CVE-2025-1755 is a high-severity Untrusted Search Path (CWE-426) vulnerability in Mongodb Compass. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 15.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the vulnerability by requiring timely installation of vendor patches, such as upgrading MongoDB Compass to version 1.42.1 or later.
Establishes secure configuration settings for applications to enforce trusted search paths, preventing loading of crafted files from untrusted directories like C:\node_modules\.
Enforces least privilege for processes, limiting the scope and impact of local privilege escalation even if the untrusted search path is exploited.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE-2025-1755 enables local privilege escalation in MongoDB Compass via a crafted file in C:\node_modules\, directly facilitating exploitation for privilege escalation (T1068).
NVD Description
MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects MongoDB Compass prior to 1.42.1
Deeper analysisAI
CVE-2025-1755 is a local privilege escalation vulnerability in MongoDB Compass, stemming from CWE-426 (Untrusted Search Path). It affects MongoDB Compass versions prior to 1.42.1 and can be triggered under certain conditions when a crafted file is stored in the C:\node_modules\ directory. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H), indicating high impact potential with local access required.
A local attacker with low privileges can exploit this vulnerability through a high-complexity attack that requires user interaction. Successful exploitation enables unauthorized actions on the user's system with elevated privileges, potentially granting full control over confidentiality, integrity, and availability.
Mitigation is available via upgrade to MongoDB Compass 1.42.1 or later, as indicated by the MongoDB advisory at https://jira.mongodb.org/browse/COMPASS-9058. Red Hat has also released errata RHSA-2025:1755 addressing the issue, available at https://access.redhat.com/errata/RHSA-2025:1755.html.
Details
- CWE(s)