Home > Vulnerability Database > CVE-2025-1693

Mend.io Vulnerability Database

CVE-2025-1693

Good to know:

Date: February 27, 2025

The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. This may result in the display of falsified messages that appear to originate from mongosh or the underlying operating system, potentially misleading users into executing unsafe actions. The vulnerability is exploitable only when mongosh is connected to a cluster that is partially or fully controlled by an attacker. This issue affects mongosh versions prior to 2.3.9

Severity Score

3.9

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-1693

Url: https://jira.mongodb.org/browse/MONGOSH-2026

Url: https://github.com/mongodb-js/mongosh

Url: https://www.mend.io/vulnerability-database/CVE-2025-1693

Severity Score

3.9

Weakness Type (CWE)

Improper Neutralization of Escape, Meta, or Control Sequences

CWE-150

Top Fix

Upgrade Version

Upgrade to version mongosh - 2.3.9

Learn More

CVSS v3.1

Base Score:	3.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-1693

Good to know:

Date: February 27, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?