CVE-2025-12100

7.8 HIGH

📋 TL;DR

The MongoDB BI Connector ODBC driver versions 1.0.0 through 1.4.6 have incorrect default permissions that allow local users to escalate privileges. This affects systems where the ODBC driver is installed and configured for MongoDB BI Connector access. Attackers with local access can exploit this to gain elevated privileges on the system.

💻 Affected Systems

Products:
  • MongoDB BI Connector ODBC driver
Versions: 1.0.0 through 1.4.6
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with the vulnerable ODBC driver installed. The BI Connector itself may not be vulnerable if using different drivers.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains SYSTEM/root privileges, installs persistent malware, accesses all data, and pivots to other systems in the network.

🟠 Likely Case

Local user or malware with initial access escalates to administrative privileges, enabling data theft, configuration changes, and persistence mechanisms.

🟢 If Mitigated

Attackers with local access remain at user-level privileges, limiting damage to user-specific data and preventing system-wide compromise.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring existing local access; not directly exploitable over the network.
🏢 Internal Only: HIGH - Any compromised user account or malware with local execution can exploit this to gain full system control.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires local access but likely simple to exploit once local execution is achieved. No public exploit code identified yet.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.7

Vendor Advisory: https://github.com/mongodb/mongo-bi-connector-odbc-driver/releases/tag/v1.4.7

Restart Required: Yes

Instructions:

1. Download version 1.4.7 from the MongoDB releases page.
2. Stop any applications using the ODBC driver.
3. Uninstall the current ODBC driver.
4. Install version 1.4.7.
5. Restart the system or affected services.

🔧 Temporary Workarounds

Restrict local user access (applies to: all)

Limit local user accounts to only trusted personnel and implement least privilege principles.

Remove unnecessary ODBC driver installations (applies to: all)

Uninstall the MongoDB BI Connector ODBC driver from systems where it's not required.

On Windows: Control Panel > Programs > Uninstall a program
On Linux: sudo apt remove mongodb-bi-connector-odbc or the equivalent command for your package manager

🧯 If You Can't Patch

  • Implement strict access controls to limit who has local login privileges on affected systems
  • Monitor for privilege escalation attempts using security tools and audit local user activity

🔍 How to Verify

Check if Vulnerable:

Check the ODBC driver version in system settings or the registry.
On Windows: check HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\ODBC Drivers for the MongoDB BI Connector version.
On Linux: check the installed packages for the mongodb-bi-connector-odbc version.

Check Version:

On Windows: reg query "HKLM\SOFTWARE\ODBC\ODBCINST.INI\ODBC Drivers" /v "MongoDB BI Connector"
On Linux: dpkg -l | grep mongodb-bi-connector-odbc or rpm -qa | grep mongodb-bi-connector-odbc

Verify Fix Applied:

Confirm that version 1.4.7 is installed and that file permissions on the ODBC driver files are properly restricted.
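As an added example (not code from this advisory, from MongoDB, or from the driver project), the Linux side of the check above as a script: it parses unixODBC's odbcinst.ini for Driver= entries, tests each MongoDB driver name against the advisory's 1.0.0 through 1.4.6 range, and flags driver libraries that group or others can write. The sample ini content, driver name and library path are constructed, and treating group/other write bits as the weak permission is an assumption, since the advisory does not name the specific permission defect.

```python
import os
import re
from typing import Dict, Optional, Tuple

FIRST_AFFECTED, FIXED_IN = (1, 0, 0), (1, 4, 7)  # advisory: 1.0.0-1.4.6 affected, 1.4.7 fixed

# Constructed sample odbcinst.ini; the MongoDB driver name and path are hypothetical.
SAMPLE_ODBCINST = """\
[PostgreSQL Unicode]
Driver=/usr/lib/psqlodbcw.so
[MongoDB ODBC 1.4.6 Unicode Driver]
Driver=/usr/local/lib/mongodb-odbc/libmdbodbcw.so
"""

def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """First x.y.z version found in text (driver name, dpkg line, ...), else None."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected_version(text: str) -> Optional[bool]:
    """True inside the advisory range, False outside it, None when no version is present."""
    v = parse_version(text)
    return None if v is None else FIRST_AFFECTED <= v < FIXED_IN

def parse_odbcinst(ini_text: str) -> Dict[str, str]:
    """Map each [section] of an odbcinst.ini to its Driver= library path."""
    drivers, section = {}, None
    for line in (raw.strip() for raw in ini_text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "driver":
                drivers[section] = value.strip()
    return drivers

def mode_is_weak(st_mode: int) -> bool:
    """Flag a driver file that group or others may write (assumed to be the weak default)."""
    return bool(st_mode & 0o022)  # S_IWGRP | S_IWOTH

def audit(ini_text: str) -> Dict[str, Dict[str, Optional[bool]]]:
    """Per MongoDB driver entry: version inside the affected range? on-disk file weakly permitted?"""
    report = {}
    for name, path in parse_odbcinst(ini_text).items():
        if "mongodb" in name.lower():
            weak = mode_is_weak(os.stat(path).st_mode) if os.path.exists(path) else None
            report[name] = {"affected_version": is_affected_version(name), "weak_permissions": weak}
    return report
```

Run audit() on the contents of /etc/odbcinst.ini; weak_permissions is None when the library path listed in the ini does not exist on disk.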

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events
  • ODBC driver access by non-privileged users
  • Security log entries showing user privilege changes

Network Indicators:

  • None - this is local exploitation only

SIEM Query:

EventID=4672 OR EventID=4688 on Windows systems with ODBC driver installed, looking for privilege escalation patterns
