CVE-2025-12100
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-23
Last updated on: 2025-10-27
Assigner: MongoDB, Inc.
Description
Description
Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation.This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mongodb | bi_connector_odbc_driver | 1.4.7 |
| mongodb | bi_connector_odbc_driver | 1.0.0 |
| mongodb | bi_connector_odbc_driver | 1.4.6 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Incorrect Default Permissions issue in the MongoDB BI Connector ODBC driver versions 1.0.0 through 1.4.6. It allows privilege escalation, meaning an attacker with limited access could gain higher-level permissions than intended.
How can this vulnerability impact me? :
The vulnerability can lead to privilege escalation, which may allow an attacker to gain unauthorized access to sensitive data or perform unauthorized actions with elevated privileges, potentially compromising confidentiality, integrity, and availability of the system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70