A high-severity vulnerability has been identified in the MongoDB BI Connector ODBC driver due to incorrect default permissions. This flaw allows a local, low-privileged user to escalate their privileges on the system, potentially leading to unauthorized access to sensitive data, system compromise, or disruption of business intelligence services.

The vulnerability stems from the MongoDB BI Connector ODBC driver setting overly permissive access controls on its configuration files, directories, or related registry keys during installation. A local attacker with basic user access can modify these insecurely configured resources. By manipulating the driver's configuration, an attacker could force the BI Connector service to execute arbitrary code or commands with the elevated privileges of the account running the service, resulting in a full privilege escalation on the host system.

This vulnerability is rated as High severity with a CVSS score of 7.8. Successful exploitation could lead to severe business consequences, including a breach of sensitive data accessible via the BI connector, unauthorized modification or destruction of critical information, and a loss of data integrity. An attacker who successfully escalates privileges could establish a persistent foothold within the network, pivot to other critical systems, and bypass security controls, posing a significant risk to the organization's overall security posture and regulatory compliance.

Immediate Action: The primary remediation step is to update the MongoDB BI Connector ODBC driver to the latest patched version released by the vendor immediately. Following the update, conduct a comprehensive audit of user permissions and access controls for the service accounts and user groups interacting with the BI Connector, ensuring the principle of least privilege is strictly enforced.

Proactive Monitoring: Security teams should implement enhanced monitoring on systems where the vulnerable driver is installed. Monitor for any unauthorized or unusual modifications to the BI Connector's configuration files and registry keys. Audit database and system logs for suspicious activity, such as queries originating from unexpected accounts or processes spawning from the BI Connector service with elevated privileges.

Compensating Controls: If immediate patching is not possible, implement compensating controls to mitigate risk. Restrict local logon rights on servers running the BI Connector to only essential administrative personnel. Deploy File Integrity Monitoring (FIM) solutions to alert on any changes to the driver's configuration files. Utilize application whitelisting to prevent the BI Connector service from executing unauthorized processes.

Public Exploit Available: false

Given the High severity rating (CVSS 7.8) and the direct path to privilege escalation, this vulnerability presents a critical risk to the organization. Although CVE-2025-12100 is not currently on the CISA KEV list, the potential for severe impact necessitates immediate action. We strongly recommend prioritizing the deployment of the vendor-supplied patch across all affected systems without delay. If patching cannot be performed immediately, the compensating controls listed above must be implemented and verified as a temporary mitigation.