MongoDB Compass may be susceptible to local privilege escalation under certain conditions, potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects MongoDB Compass versions prior to 1.42.1.
CVE ID: CVE-2025-1755
CVSS Base Severity: HIGH
CVSS Base Score: 7.5
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Vendor: MongoDB Inc
Product: MongoDB Compass
EPSS Score: 0.01% (probability of being exploited)
EPSS Percentile: 0.84% (share of scored vulnerabilities with an EPSS score less than or equal to this one)
EPSS Date: 2025-03-28 (date this score was calculated)