PT-2025-41315 · Mongodb · Mongodb Connector For Bi
Published
2025-10-08
·
Updated
2025-10-08
·
CVE-2025-11535
CVSS v4.0
8.8
High
| Vector | AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
Name of the Vulnerable Software and Affected Versions
MongoDB Connector for BI versions 2.0.0 through 2.14.24
Description
The installation of MongoDB Connector for BI via MSI on Windows may result in Privilege Escalation due to improperly configured Access Control Lists (ACLs) on custom installation directories. This allows for potential unauthorized access and control over the system.
Recommendations
Update MongoDB Connector for BI to a version later than 2.14.24.
Fix
LPE
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mongodb Connector For Bi