4 matches found
CVE-2025-12100
CVE-2025-12100 affects MongoDB BI Connector ODBC driver versions 1.0.0–1.4.6, due to an incorrectly set default privilege that enables local privilege escalation. The issue is documented across multiple sources (including Red Hat and OSV entries) with the same description. A fix appears in v1.4.7...
CVE-2025-11535
MongoDB Connector for BI installation via MSI on Windows leaves ACLs unset on custom install directories allows Privilege Escalation.This issue affects MongoDB Connector for BI: from 2.0.0 through 2.14.24...
CVE-2025-10491 MongoDB Windows installation MSI may leave ACLs unset on custom installation directories
The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a local attacker to introduce executable code to MongoDB's process via DLL hijacking. This issue affects MongoDB Server v6.0 version prior to 6.0.25, MongoDB Server v7.0 version prior to 7.0.21 a...
PT-2025-37717
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 6.0.25 MongoDB Server versions prior to 7.0.21 MongoDB Server versions prior to 8.0.5 Description: The MongoDB Windows installation MSI may leave Access Control Lists ACLs unset on custom installation...