CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1755 – MongoDB Compass may be susceptible to local privilege escalation in Windows
https://notcve.org/view.php?id=CVE-2025-1755
27 Feb 2025 — MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects MongoDB Compass prior to 1.42.1 • https://jira.mongodb.org/browse/COMPASS-9058 • CWE-426: Untrusted Search Path •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3371 – Insufficient validation of external input in Compass may enable MITM attacks
https://notcve.org/view.php?id=CVE-2024-3371
24 Apr 2024 — MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0. MongoDB Compass puede aceptar y utilizar entradas no suficientemente validadas de una fuente externa que no sea de confianza. Esto puede provocar un comportamiento no deseado de la aplicación, incluida la divulgación de datos y pe... • https://jira.mongodb.org/browse/COMPASS-7260 • CWE-360: Trust of System Event Data •