CVE-2025-12100

MongoDB BI Connector ODBC driver installation via MSI may leave ACLs unset on custom installation directories

CVSS 8.8 HIGH | EPSS 0.1% | CWE-276
In short

The MongoDB BI Connector ODBC driver installer may fail to properly set access permissions on custom installation directories, allowing unauthorized users to modify or replace driver files and gain elevated privileges on the system.

Technical detail

The MSI installer for MongoDB BI Connector ODBC driver (versions 1.0.0–1.4.6) does not correctly apply access control lists (ACLs) when users select custom installation directories, creating a privilege escalation vector where local attackers with file system access can modify driver binaries or configuration files.

Summary generated and translated by AI from the official description.
Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation. This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6.
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
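
To check whether a custom installation directory was left with loose ACLs, the following audit script lists every allow ACE under the directory that grants write-type rights to a principal outside a short trusted list. It is an added example, not code from MongoDB or from the original page; `$InstallDir` is a placeholder for the directory chosen during the MSI install, and the trusted SID list is an assumption to adjust to your own baseline.

```powershell
# Added example (not vendor code). $InstallDir is a placeholder for the custom
# directory chosen during the MSI install; pass your own path.
param(
    [Parameter(Mandatory)][string]$InstallDir
)

# Principals expected to hold write access (assumption; adjust to your baseline):
# SYSTEM, BUILTIN\Administrators, TrustedInstaller, CREATOR OWNER.
$trustedSids = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464',
    'S-1-3-0'
)

# Bits that allow modifying or replacing files. Read bits are left out on purpose
# so ReadAndExecute ACEs are not flagged. 0x50000000 = GENERIC_ALL | GENERIC_WRITE,
# which can appear as raw values on inherit-only ACEs.
$writeRights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask   = [int]$writeRights -bor 0x50000000

# Audit the directory itself plus everything beneath it.
$items = @(Get-Item -LiteralPath $InstallDir -Force) +
         @(Get-ChildItem -LiteralPath $InstallDir -Recurse -Force)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    # Ask for SIDs so the comparison does not depend on localized account names.
    $aces = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $aces) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trustedSids -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        # Resolve the SID to a name for the report; keep the SID if it does not resolve.
        $name = try { $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $ace.IdentityReference.Value }
        [pscustomobject]@{
            Path      = $item.FullName
            Principal = $name
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { Write-Output "No write-capable ACEs for untrusted principals under $InstallDir" }
```

Entries with `Inherited = True` point at the parent directory as the source of the permission, which is where the ACL needs to be tightened.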
