CVE-2024-7553
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-7553 is a local privilege escalation vulnerability affecting various versions of MongoDB Server, including those running on Windows operating systems. The issue arises from incorrect file validation when loading files from untrusted local directories. An attacker who successfully exploits this vulnerability can execute arbitrary code within the application, potentially gaining elevated privileges. The vulnerability impacts MongoDB Server versions prior to 5.0.27, 6.0.16, 7.0.12, and 7.3.3, as well as certain versions of the MongoDB C Driver and PHP Driver. Only environments running a Windows operating system are susceptible to this vulnerability.
Affected Products
- MongoDB C# Driver
- MongoDB
Affected Vendors
- MongoDB Inc