
CVE-2025-11535: CWE-276 Incorrect Default Permissions in MongoDB Inc MongoDB Connector for BI

Severity: High
Tags: Vulnerability, CVE-2025-11535, CWE-276
Published: Wed Oct 08 2025 (10/08/2025, 22:07:18 UTC)
Source: CVE Database V5
Vendor/Project: MongoDB Inc
Product: MongoDB Connector for BI

Description

MongoDB Connector for BI installation via MSI on Windows leaves ACLs unset on custom install directories, which allows privilege escalation. This issue affects MongoDB Connector for BI: from 2.0.0 through 2.14.24.

AI-Powered Analysis

Last updated: 10/16/2025, 01:12:42 UTC

Technical Analysis

CVE-2025-11535 is a vulnerability classified under CWE-276 (Incorrect Default Permissions) affecting MongoDB Connector for BI versions from 2.0.0 through 2.14.24 when installed on Windows systems via the MSI installer. The core issue is that the MSI installation process does not set restrictive Access Control Lists (ACLs) on custom installation directories. As a result, those directories keep whatever permissive ACL they inherit from the parent location, allowing low-privileged local users to read or modify files within the installation path. This misconfiguration can be exploited to escalate privileges locally, potentially allowing an attacker to execute code with higher privileges, alter data, or disrupt service availability. The vulnerability requires an attacker to have local access with low privileges but does not require user interaction, making it a significant risk in environments where multiple users share systems or where attackers have already gained a limited foothold. The CVSS 4.0 score of 8.8 reflects the high impact on confidentiality, integrity, and availability, as well as the ease of exploitation given the low privilege requirement and no need for user interaction. Although no exploits are currently reported in the wild, the vulnerability's nature and severity warrant immediate attention, especially in enterprise environments where MongoDB Connector for BI is deployed for business intelligence operations. The lack of official patches at the time of publication means organizations must apply manual mitigations and monitor closely for vendor updates.

Potential Impact

For European organizations, this vulnerability poses a significant risk, particularly in sectors relying heavily on MongoDB Connector for BI for data analytics and business intelligence, such as finance, manufacturing, healthcare, and government. Privilege escalation can lead to unauthorized access to sensitive business data, manipulation of analytics results, or disruption of critical reporting functions. This can result in data breaches, regulatory non-compliance (e.g., GDPR violations), financial losses, and reputational damage. The vulnerability's exploitation could also serve as a stepping stone for attackers to move laterally within networks, increasing the risk of broader compromise. Organizations with multi-user Windows environments or shared systems are especially vulnerable. The high severity and broad impact on confidentiality, integrity, and availability underscore the critical need for mitigation in European enterprises.

Mitigation Recommendations

1. Immediately review and manually correct ACLs on all custom installation directories used by MongoDB Connector for BI on Windows systems to ensure restrictive permissions are enforced, limiting access to only necessary service accounts and administrators.
2. Restrict local user permissions on Windows hosts running MongoDB Connector for BI to prevent unauthorized modification of installation directories.
3. Implement application whitelisting and endpoint protection to detect and block unauthorized privilege escalation attempts.
4. Monitor system logs and file integrity for suspicious changes in the installation directories.
5. Isolate systems running MongoDB Connector for BI from general user environments to reduce the risk of local privilege escalation.
6. Stay updated with MongoDB Inc. for official patches or updated MSI installers that address this ACL misconfiguration.
7. Consider deploying the connector in containerized or virtualized environments with strict access controls to limit exposure.
8. Conduct regular security audits focusing on file permissions and local privilege escalation vectors on Windows servers hosting MongoDB components.
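One way to carry out steps 1 and 4 above (audit the install tree for write access held by broad principals, then replace the ACL with a restrictive one), as an added PowerShell example that is not part of this advisory or of MongoDB's own tooling. The install path, the list of principals treated as "broad", and the hardened ACL it applies are assumptions to adapt to your deployment.

```powershell
# Added example (not MongoDB's code). Flags ACEs on a MongoDB Connector for BI
# install tree that grant write-type rights to low-privileged, broad principals,
# and with -Fix replaces the root ACL with an explicit restrictive one.
param(
    [string]$InstallDir = 'C:\MongoDB-BI',   # placeholder: your custom install path
    [switch]$Fix
)

# Principals that should never hold write-type rights on a service install tree (assumption).
$BroadPrincipals = @('Everyone', 'NT AUTHORITY\Authenticated Users',
                     'BUILTIN\Users', 'NT AUTHORITY\INTERACTIVE')
# Any of these bits lets a user plant or replace files, or change the DACL itself.
$WriteRights = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, CreateFiles, CreateDirectories, Delete, ChangePermissions, TakeOwnership'

function Find-WeakAce {
    param([string]$Path)
    # Walk the root and every child, reporting Allow ACEs that match the rules above.
    $items = @(Get-Item -LiteralPath $Path -Force) + @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
    foreach ($item in $items) {
        foreach ($ace in (Get-Acl -LiteralPath $item.FullName).Access) {
            if ($ace.AccessControlType -eq 'Allow' -and
                $BroadPrincipals -contains $ace.IdentityReference.Value -and
                ([int]$ace.FileSystemRights -band [int]$WriteRights) -ne 0) {
                [pscustomobject]@{ Path = $item.FullName; Identity = $ace.IdentityReference.Value
                                   Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited }
            }
        }
    }
}

function Set-RestrictiveAcl {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Stop inheriting from the parent (the usual source of the permissive ACEs) and drop what was inherited.
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) { [void]$acl.RemoveAccessRule($ace) }
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $prop = [System.Security.AccessControl.PropagationFlags]::None
    # SYSTEM and Administrators get full control; everyone else gets read/execute only (assumed policy).
    foreach ($id in 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators') {
        $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($id, 'FullControl', $inherit, $prop, 'Allow')))
    }
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule('BUILTIN\Users', 'ReadAndExecute', $inherit, $prop, 'Allow')))
    Set-Acl -LiteralPath $Path -AclObject $acl
}

$weak = @(Find-WeakAce -Path $InstallDir)
$weak | Format-Table -AutoSize
if ($Fix -and $weak.Count -gt 0) { Set-RestrictiveAcl -Path $InstallDir }
```

Run it from an elevated PowerShell and review the audit output before using -Fix, since the new root ACL only reaches children through inheritance and any child with its own explicit ACEs still shows up in a second audit. If the connector runs under a dedicated service account that needs more than read access, add that account as an additional rule rather than widening the Users entry.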


Technical Details

Data Version: 5.1
Assigner Short Name: mongodb
Date Reserved: 2025-10-08T21:16:03.837Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68e6e35e7a93ff0f450a133a

Added to database: 10/8/2025, 10:19:10 PM

Last enriched: 10/16/2025, 1:12:42 AM

Last updated: 11/23/2025, 8:13:44 AM