MongoDB Connector for BI Privilege Escalation Vulnerability Due to Improper ACL Management on Windows

Vulnerability

A privilege escalation vulnerability exists in the MongoDB Connector for BI, versions 2.0.0 through 2.14.24, installed via MSI on Windows. The vulnerability arises because the application fails to set proper access control lists (ACLs) on custom installation directories, leaving them open to unauthorized modification. This flaw could be exploited to gain elevated privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing a user to gain elevated rights or access within the system.
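
To check an existing installation for the ACL condition described above, the following PowerShell audit lists entries that give write-type access to principals outside a trusted set. It is an added example, not code from MongoDB or from this advisory; the install path is a placeholder and the trusted-principal list is an assumption to adjust for the environment.

```powershell
# Added example: list ACL entries under an install directory that let
# principals outside a trusted set write, delete, or re-permission files.
param(
    # Assumption: placeholder path; pass the custom directory chosen at install.
    [string]$InstallDir = 'D:\Apps\BIConnector'
)

# Assumption: only these principals should hold write access to program files.
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# File-system rights that allow planting or replacing content, plus the
# GENERIC_ALL / GENERIC_WRITE bits that can appear in raw access masks.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$genericMask = 0x10000000 -bor 0x40000000

function Get-RiskyAce {
    param([Parameter(Mandatory)][string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    foreach ($ace in (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries do not apply to this object; children are scanned separately.
        if ($ace.PropagationFlags.HasFlag($inheritOnly)) { continue }
        if ($trustedSids -contains $ace.IdentityReference.Value) { continue }
        $rights = [int]$ace.FileSystemRights
        if (-not (($rights -band $writeMask) -or ($rights -band $genericMask))) { continue }
        # Resolve the SID to a name when possible; keep the raw SID otherwise.
        try { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $ace.IdentityReference.Value }
        [pscustomobject]@{
            Path      = $Path
            Principal = $name
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Check the directory itself, then everything beneath it.
$targets = @($InstallDir) + @(Get-ChildItem -LiteralPath $InstallDir -Recurse -Force |
    Select-Object -ExpandProperty FullName)
$findings = @($targets | ForEach-Object { Get-RiskyAce -Path $_ })
$findings | Format-Table -AutoSize -Wrap
if ($findings.Count -gt 0) { exit 1 }
```

A non-zero exit code means at least one entry needs review, which makes the script usable as a scheduled compliance check.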

Added: Oct 8, 2025, 10:16 PM
Updated: Oct 8, 2025, 10:16 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 3.3
remediation: 0.0
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.