CVE-2025-1755: 
NixOS vulnerability analysis and mitigation

MongoDB Compass, prior to version 1.42.1, contains a local privilege escalation vulnerability (CVE-2025-1755) that was discovered and disclosed on February 27, 2025. The vulnerability affects the Windows version of MongoDB Compass and could potentially enable unauthorized actions with elevated privileges when a crafted file is stored in C:\node_modules\ (NVD, MongoDB Jira).

The vulnerability is classified as CWE-426 (Untrusted Search Path) and has been assigned a CVSS v3.1 base score of 7.5 (HIGH), with the following vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H. This indicates that the vulnerability requires local access, high attack complexity, low privileges, and user interaction, but can potentially result in high impacts to confidentiality, integrity, and availability in a changed scope scenario (NVD).

If successfully exploited, this vulnerability could allow an attacker to perform unauthorized actions with elevated privileges on the affected system. The high CVSS score indicates serious potential impacts to system confidentiality, integrity, and availability (NVD).

The vulnerability has been patched in MongoDB Compass version 1.42.1. Users running affected versions should upgrade to version 1.42.1 or later to mitigate this security risk (NVD).