Incorrect Default Permissions

CVE-2025-11535

High

8.8/10

Summary

MongoDB Connector for BI installation via MSI on Windows leaves ACLs unset on custom install directories allows Privilege Escalation.This issue affects MongoDB Connector for BI: from 2.0.0 through 2.14.24.

Attack Complexity: LOW
Attack Vector: LOCAL
User Interaction: NONE
Privileges Required: LOW

CWE-276 - Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References

Advisory Timeline

Published Oct 08, 2025

Incorrect Default Permissions

CVE-2025-11535

Summary

CWE-276 - Incorrect Default Permissions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS