FlagThis

A critical vulnerability, CVE-2025-27017, has been identified in Apache NiFi, a popular data flow automation tool used by thousands of companies. The flaw affects versions 1.13.0 through 2.2.0 and exposes MongoDB credentials. An authorized user with read access to the system provenance records may see the credentials used to connect to MongoDB databases, potentially extracting the MongoDB credentials and gaining unauthorized access to sensitive data.

The vulnerability stems from the inclusion of MongoDB usernames and passwords in NiFi provenance events. This poses a significant risk, potentially leading to data breaches or tampering. NiFi is widely used to automate data pipelines for cybersecurity, observability, event streams, and generative AI applications, making this a high-priority concern for organizations leveraging the affected versions.

The vulnerability has been addressed in Apache NiFi 2.3.0, which removes the credentials from provenance event records. Users of affected versions are strongly urged to upgrade to the latest release to mitigate the risk of credential exposure. Organizations using Apache NiFi should prioritize updating their systems to the latest version to protect their MongoDB credentials and prevent potential data breaches.

ImgSrc: blogger.googleu

References :

• Cyber Security News: Apache NiFi Vulnerability Exposes MongoDB Credentials to Attackers
• gbhackers.com: Apache NiFi Vulnerability Exposes MongoDB Credentials to Attackers
• securityonline.info: CVE-2025-27017: Apache NiFi Vulnerability Exposes MongoDB Credentials

Classification:

• HashTags: #ApacheNiFi #MongoDB #Vulnerability
• Company: Apache
• Target: MongoDB Databases
• Product: Apache NiFi
• Feature: Credential Exposure
• Malware: CVE-2025-27017
• Type: Vulnerability
• Severity: Medium