CNNVD-202510-1116 Information
Oct 08, 2025
cve
CNNVD ID
CNNVD-202510-1116
Related CVE
- CNNVD Published: 2025-10-08
Description (Chinese)
MongoDB是美国MongoDB公司的一种面向文档的数据库管理系统。 MongoDB 2.0.0版本至2.14.24版本存在安全漏洞,该漏洞源于Windows上通过MSI安装时未设置自定义安装目录的ACL,可能导致权限提升。
Description (English)
MongoDB is a file-oriented database management system of the United States company MongoDB. There is a security loophole between MongoDB version 2.0.0 and version 2.14.24, which originates from the ACL on Windows that was installed through MSI without a custom installation directory, which may lead to an increase in privileges.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
MongoDB
Published
2025-10-08
Last Modified
2026-02-24
References
https://www.mongodb.com/docs/bi-connector/current/release-notes/#bi-2.14.25
Patch
https://www.mongodb.com/try/download/bi-connector
Share on: