CVE-2025-11535: CWE-276 Incorrect Default Permissions in MongoDB Inc MongoDB Connector for BI
MongoDB Connector for BI installation via MSI on Windows leaves ACLs unset on custom install directories allows Privilege Escalation. This issue affects MongoDB Connector for BI: from 2.0.0 through 2.14.24.
AI Analysis (machine-generated threat intelligence)
Technical Summary
CVE-2025-11535 is a vulnerability classified under CWE-276 (Incorrect Default Permissions) affecting MongoDB Connector for BI versions 2.0.0 through 2.14.24 when installed via the MSI installer on Windows. The core issue is that the installer does not set Access Control Lists (ACLs) on custom installation directories. An NTFS directory whose ACL is never set simply inherits the permissions of its parent, so a connector installed under a parent that standard users can write to ends up with an install directory those users can write to as well. This lets a user with limited privileges modify files or executables within the directory and escalate, potentially to administrative or SYSTEM-level access. Exploitation requires local access with limited privileges but no user interaction, which makes the flaw easier to abuse on systems shared by multiple users or where an attacker already holds a low-privilege foothold. The CVSS 4.0 vector (AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H) denotes a local attack vector, low attack complexity, attack requirements present, low privileges required and no user interaction, with high confidentiality, integrity and availability impact on the vulnerable system (VC/VI/VA) and on subsequent systems (SC/SI/SA). No public exploits are known yet, but the vulnerability poses a significant risk because the privilege escalation can lead to full system compromise. The issue affects Windows installations of MongoDB Connector for BI, a tool widely used for integrating MongoDB data with business intelligence platforms, making it relevant for enterprises relying on these technologies.
Potential Impact
The primary impact of CVE-2025-11535 is unauthorized privilege escalation on Windows systems running MongoDB Connector for BI. An attacker with limited local privileges can exploit the incorrect ACL settings to gain elevated privileges, potentially SYSTEM or administrative level. This can lead to full system compromise, allowing attackers to install malware, exfiltrate sensitive data, disrupt services, or move laterally within the network. Organizations using this connector in production environments, especially those with multi-user systems or shared environments, face increased risk of insider threats or attackers leveraging initial low-privilege access to escalate control. The vulnerability undermines the confidentiality, integrity, and availability of affected systems and data. Given the critical role of BI connectors in data analytics and decision-making, exploitation could also impact business operations and compliance with data protection regulations.
Mitigation Recommendations
To mitigate CVE-2025-11535, organizations should immediately upgrade MongoDB Connector for BI to a patched version once available from MongoDB Inc. Until patches are released, administrators should manually verify and correct ACLs on custom installation directories to restrict permissions to only necessary system accounts and trusted administrators. Implement strict access controls and monitoring on Windows systems hosting the connector, including auditing file and directory permission changes. Limit local user privileges and avoid granting unnecessary write permissions to installation directories. Employ endpoint detection and response (EDR) tools to detect suspicious privilege escalation attempts. Additionally, consider isolating BI connector hosts from general user environments to reduce exposure. Regularly review and harden Windows security policies and ensure that MSI installations follow best practices for secure directory permissions. Finally, maintain up-to-date backups and incident response plans to quickly recover from potential exploitation.
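The manual ACL check recommended above, as an added PowerShell example that is not part of this advisory and not MongoDB's own tooling. It walks a connector install tree, reports every Allow entry that grants write, modify, full-control, change-permissions or take-ownership rights to a principal outside a small trusted set, and with `-Fix` replaces the tree's ACL with an explicit, inheritance-protected one. The install path, the trusted-principal list and the choice of ReadAndExecute for BUILTIN\Users are assumptions; adjust them to the real custom directory and to whatever the connector's service account genuinely needs.

```powershell
# Added example: audit (and optionally reset) the ACL of a MongoDB Connector for BI
# install directory. Placeholder path below; replace with the real custom install dir.
param(
    [string]$InstallDir = 'C:\PLACEHOLDER\MongoDB-BI',   # assumption: your custom install directory
    [switch]$Fix                                          # rewrite the ACL instead of only reporting
)

# Rights that let a principal plant or replace files, or alter the ACL itself.
$writeRights = [System.Security.AccessControl.FileSystemRights]::Write -bor
               [System.Security.AccessControl.FileSystemRights]::Modify -bor
               [System.Security.AccessControl.FileSystemRights]::FullControl -bor
               [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
               [System.Security.AccessControl.FileSystemRights]::TakeOwnership

# Principals that may legitimately write to the install tree (assumption; extend with
# the connector's dedicated service account if it runs under one).
$trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
             'NT SERVICE\TrustedInstaller', 'CREATOR OWNER')

function Get-WeakAces {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $rights = [int64]$ace.FileSystemRights
        # Generic-rights ACEs show up as raw bits: GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000).
        $generic  = (($rights -band 0x10000000) -ne 0) -or (($rights -band 0x40000000) -ne 0)
        $explicit = ($rights -band [int64]$writeRights) -ne 0
        if (($generic -or $explicit) -and ($trusted -notcontains $ace.IdentityReference.Value)) {
            [pscustomobject]@{
                Path      = $Path
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited     # True points at a permissive parent directory
            }
        }
    }
}

function Get-WeakAcesInTree {
    param([string]$Root)
    $items = @(Get-Item -LiteralPath $Root) + @(Get-ChildItem -LiteralPath $Root -Recurse -Force)
    foreach ($item in $items) { Get-WeakAces -Path $item.FullName }
}

function Set-HardenedAcl {
    param([string]$Root)
    # 1. Reset the whole tree so children carry only inherited ACEs.
    & icacls.exe $Root /reset /T /C /Q | Out-Null
    # 2. Give the top directory an explicit ACL that no longer inherits from its parent;
    #    the inheritable entries propagate down to everything reset in step 1.
    $acl = Get-Acl -LiteralPath $Root
    $acl.SetAccessRuleProtection($true, $false)   # protect from parent, discard inherited ACEs
    $flags = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $prop  = [System.Security.AccessControl.PropagationFlags]::None
    foreach ($rule in @(
        @('NT AUTHORITY\SYSTEM',    'FullControl'),
        @('BUILTIN\Administrators', 'FullControl'),
        @('BUILTIN\Users',          'ReadAndExecute')   # assumption: read/execute is enough for users
    )) {
        $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
            $rule[0], $rule[1], $flags, $prop, 'Allow')))
    }
    Set-Acl -LiteralPath $Root -AclObject $acl
}

$weak = @(Get-WeakAcesInTree -Root $InstallDir)
if ($weak.Count -eq 0) {
    Write-Host "No write-capable ACEs for untrusted principals under $InstallDir"
} else {
    Write-Warning "$($weak.Count) write-capable ACE(s) for untrusted principals under $InstallDir"
    $weak | Format-Table -AutoSize
    if ($Fix) {
        Set-HardenedAcl -Root $InstallDir
        $after = @(Get-WeakAcesInTree -Root $InstallDir)
        Write-Host "Remaining weak ACEs after hardening: $($after.Count)"
    }
}
```

Run it from an elevated prompt: auditing only needs read access to the ACLs, but `-Fix` rewrites them. An `Inherited = True` row is the telltale for this CVE: the install directory itself carries no ACL of its own and is simply passing through a permissive parent, which is exactly the condition the protected ACL written by `-Fix` removes. Directories the connector writes to at runtime (logs, data) need their own, separate permission review rather than the read-only grant used here.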
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Japan, South Korea, India, Netherlands, Singapore
Technical Details
- Data Version: 5.1
- Assigner Short Name: mongodb
- Date Reserved: 2025-10-08T21:16:03.837Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68e6e35e7a93ff0f450a133a
Added to database: 10/8/2025, 10:19:10 PM
Last enriched: 2/26/2026, 10:13:10 PM
Last updated: 3/26/2026, 9:30:11 AM