PT-2025-43561 · Mongodb · Mongodb Bi Connector Odbc Driver

Published

2025-10-23

Updated

2025-10-23

CVE-2025-12100

CVSS v4.0

8.8

High

Vector

AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions MongoDB BI Connector ODBC driver versions 1.0.0 through 1.4.6

Description An incorrect default permissions issue exists in the MongoDB BI Connector ODBC driver, potentially allowing privilege escalation. The issue relates to default permissions being improperly configured.

Recommendations Update MongoDB BI Connector ODBC driver to a version later than 1.4.6.

Fix

LPE

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

BDU:2025-16257

CVE-2025-12100

Affected Products

Mongodb Bi Connector Odbc Driver

PT-2025-43561 · Mongodb · Mongodb Bi Connector Odbc Driver

CVE-2025-12100

Weakness Enumeration

Related Identifiers

Affected Products

References · 7