PT-2025-43416 · Mongodb · Mongodb Atlas Sql Odbc Driver

Published: 2025-10-22 · Updated: 2025-10-28 · CVE-2025-11575

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

MongoDB Atlas SQL ODBC driver versions 1.0.0 through 2.0.0

Description

An incorrect default permissions issue exists in the MongoDB Atlas SQL ODBC driver on Windows, potentially allowing for privilege escalation. The issue stems from improperly configured permissions during installation, specifically when using the MSI installer, which may result in Access Control Lists (ACLs) being unset on custom installation directories.

Recommendations

Versions 1.0.0 through 2.0.0: Ensure permissions are correctly configured on custom installation directories to prevent unauthorized privilege escalation.
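
One way to carry out the recommended check is the PowerShell audit below. It is an added example, not code from this advisory or from MongoDB, and it lists ACL entries that give write-type rights on the install directory to anyone other than SYSTEM, Administrators or TrustedInstaller. The `$InstallDir` default is a placeholder and `Get-WeakAce` is a hypothetical helper name; the set of trusted SIDs is an assumption to adjust for your environment.

```powershell
param(
    # Placeholder: replace with the custom directory chosen during MSI installation.
    [string]$InstallDir = 'D:\<custom-install-dir>'
)

function Get-WeakAce {
    param([Parameter(Mandatory)][string]$Path)

    # Assumed trusted SIDs: SYSTEM, Administrators, CREATOR OWNER (only effective
    # for principals who can already create files), and TrustedInstaller.
    $trusted = @(
        'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0',
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    )
    $rights      = [System.Security.AccessControl.FileSystemRights]
    $writeMask   = [int]($rights::Write -bor $rights::Delete -bor
                   $rights::DeleteSubdirectoriesAndFiles -bor
                   $rights::ChangePermissions -bor $rights::TakeOwnership)
    $genericMask = 0x50000000   # GENERIC_WRITE | GENERIC_ALL, which Get-Acl can return unmapped

    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try   { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
        catch { $sid = $ace.IdentityReference.Value }   # unresolvable account: report as-is
        if ($trusted -contains $sid) { continue }

        $value = [int]$ace.FileSystemRights
        if (($value -band $writeMask) -or ($value -band $genericMask)) {
            [pscustomobject]@{
                Path      = $Path
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $InstallDir -PathType Container)) {
    throw "Directory not found: $InstallDir"
}
# Check the directory itself and everything beneath it.
$targets  = @($InstallDir) + @(Get-ChildItem -LiteralPath $InstallDir -Recurse -Force |
            ForEach-Object FullName)
$findings = $targets | ForEach-Object { Get-WeakAce -Path $_ }
if ($findings) { $findings | Format-Table -AutoSize; exit 1 }
Write-Output "No write-capable ACEs for non-administrative principals under $InstallDir"
```

Entries reported with `Inherited = True` come from the parent directory's ACL rather than from an ACL set on the install directory itself.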

Fix

LPE

Incorrect Default Permissions


Weakness Enumeration

Related Identifiers

BDU:2025-13337
CVE-2025-11575

Affected Products

Mongodb Atlas Sql Odbc Driver