PT-2025-8938 · Mongodb · Mongosh

Karman Liu · Published 2025-02-27 · Updated 2025-09-22 · CVE-2025-1692

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

mongosh versions prior to 2.3.9

Description

The MongoDB Shell may be susceptible to control character injection, allowing an attacker with control of the user's clipboard to manipulate them into pasting text that evaluates arbitrary code. Control characters in the pasted text can be used to obfuscate malicious code.

Recommendations

For versions prior to 2.3.9, update to version 2.3.9 or later to resolve the issue. As a temporary workaround, consider disabling the ability to paste text into mongosh until a patch is available. Restrict access to sensitive data and systems to minimize the risk of exploitation.
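
The following is an added example, not code from this advisory or from MongoDB: a pre-paste check that flags control characters in clipboard text and rewrites them as visible escapes so hidden content can be reviewed before it reaches a shell. The advisory does not say which control characters are involved, so the example assumes any C0/C1 control character other than tab, LF and CR-LF is worth flagging; the function names and sample strings are hypothetical.

```javascript
// Added example: inspect text before pasting it into an interactive shell.
// Function names are hypothetical; this is not mongosh code.

// Assumption: flag C0 controls (except TAB and LF), DEL, C1 controls,
// and a bare CR that is not part of a CR-LF line ending.
const CONTROL_RE = /[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F-\u009F]|\r(?!\n)/g;

// Render one control character as a visible escape such as \x1b.
function visible(ch) {
  return '\\x' + ch.codePointAt(0).toString(16).padStart(2, '0');
}

// Return every control character found, with its offset and 1-based line.
function findControlChars(text) {
  const hits = [];
  for (const m of text.matchAll(CONTROL_RE)) {
    const line = text.slice(0, m.index).split('\n').length;
    hits.push({ offset: m.index, line, char: visible(m[0]) });
  }
  return hits;
}

// Replace control characters with visible escapes for manual review.
function reveal(text) {
  return text.replace(CONTROL_RE, (ch) => visible(ch));
}

// Decide whether the text can be pasted as-is.
function checkPaste(text) {
  const hits = findControlChars(text);
  return { ok: hits.length === 0, hits, revealed: reveal(text) };
}

// Constructed sample inputs (benign): one clean, one carrying ESC and BS.
const clean = 'db.users.find({ active: true })\n';
const suspicious = 'db.users.count()\u001b[0m\u0008 // constructed';

for (const sample of [clean, suspicious]) {
  const result = checkPaste(sample);
  console.log(result.ok ? 'OK   ' : 'BLOCK', JSON.stringify(result.revealed));
  for (const h of result.hits) {
    console.log(`  line ${h.line}, offset ${h.offset}: ${h.char}`);
  }
}
```
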

Related Identifiers

CVE-2025-1692
GHSA-973H-3X6P-QG37

Affected Products

Mongosh