Short answer
You can try. The full permutation of 12 words is 12! ≈ 479 million orderings — a regular laptop running btcrecover can scan this in 1-2 days. The checksum automatically filters out most invalid permutations, leaving a few hundred to a few thousand valid candidates — small enough to import each into a wallet and check against your known address. Prerequisite: every one of the 12 words must be spelled correctly. For 24 words, the math kills the approach.
Why this works for 12 words
BIP-39 works by packing 128 bits of entropy plus 4 bits of checksum into 132 bits, slicing into twelve 11-bit chunks, and looking up each chunk in the 2,048-word table. The order matters because each slot maps to specific bits of the 132-bit value. Swapping two words completely rearranges the middle of the bit string, the final 4 checksum bits no longer match the SHA-256 of the first 128 bits, and validation fails.
Brute-force is viable because of the checksum itself. While 12! has 479 million permutations, only 1 in 16 pass the checksum — about 30 million. Word-distribution non-uniformity drops this further to a few hundred to a few thousand actually-valid mnemonics. That's a tractable list to test against a known address.
Why 24 words is hopeless
24! is approximately 6.2 × 10^23 — comparable to the number of stars in the observable universe. Even after the checksum filter, the search space remains astronomical. If you have a 24-word mnemonic and only know some are out of order, the only practical recovery is recalling which words swapped — there is no brute-force path home.
The right tool
Open-source btcrecover handles this on a single CPU core. Run on an air-gapped Linux machine, configure with the known set of 12 words, expected derivation path, and a destination address. The first valid candidate that produces your address is the answer.
Further reading: Private keys and seed phrases, BIP-39.