CVE-2025-1692 · HIGH 8.8 · EPSS p12.9%


Description

The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could manipulate them to paste text into mongosh that evaluates arbitrary code. Control characters in the pasted text can be used to obfuscate malicious code. This issue affects mongosh versions prior to 2.3.9.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.22% probability of exploitation · percentile 12.9% · 2026-06-19T12:03:05Z
Published: 2025-02-27
Last modified: 2025-09-22

Underlying weaknesses · 1

CWE-150

References

  1. https://jira.mongodb.org/browse/MONGOSH-2025


Type: Weakness
Target: Improper Neutralization of Escape, Meta, or Control Sequences (cwe-150)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-9750
CVE: CVE-2026-41696
CVE: CVE-2025-23061
CVE: MongoDB mongo-express Remote Code Execution Vulnerability
CVE: CVE-2026-9740
CVE: CVE-2025-61492

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.