{"id":"CVE-2025-12100","details":"Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation.This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6.","modified":"2026-04-10T05:22:02.113752Z","published":"2025-10-23T21:15:41.060Z","references":[{"type":"WEB","url":"https://github.com/mongodb/mongo-bi-connector-odbc-driver/releases/tag/v1.4.7"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mongodb/mongo-bi-connector-odbc-driver","events":[{"introduced":"f68c45f988f49a9db4b8cc6be90f3e33de1ddd8f"},{"last_affected":"2e55ca7850c8571d65a856246bf516dfea1ec123"},{"fixed":"d410bd38dfb761594fc9ea812cdd559760a313b7"}],"database_specific":{"versions":[{"introduced":"1.0.0"},{"last_affected":"1.4.6."}]}}],"versions":["v1.0.0","v1.1.0","v1.2.0","v1.3.0","v1.4.0","v1.4.1","v1.4.2","v1.4.3","v1.4.4","v1.4.5","v1.4.6","v1.4.6-beta"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-12100.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"}]}