High severity7.8OSV Advisory· Published Oct 23, 2025· Updated Apr 15, 2026

CVE-2025-12100

Description

Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation.This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6.

Affected products

MongoDB/Mongo Bi Connector Odbc DriverOSV
Range: v1.0.0, v1.1.0, v1.2.0, …

Patches

d410bd38dfb7

https://github.com/mongodb/mongo-bi-connector-odbc-drivervia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/mongodb/mongo-bi-connector-odbc-driver/releases/tag/v1.4.7nvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000