CVE-2025-11535

MongoDB Connector for BI installation MSI leave ACLs unset on custom installation directories

Description

MongoDB Connector for BI installation via MSI on Windows leaves ACLs unset on custom install directories allows Privilege Escalation.This issue affects MongoDB Connector for BI: from 2.0.0 through 2.14.24.

INFO

Published Date :

2025-10-08T22:07:18.498Z

Last Modified :

2025-10-08T22:07:18.498Z

Source :

mongodb

AFFECTED PRODUCTS

The following products are affected by CVE-2025-11535 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-11535.

URL	Resource
https://www.mongodb.com/docs/bi-connector/current/release-notes/#bi-2.14.25

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability