Sunday, May 4, 2025
HomeCVE/vulnerabilityApache NiFi Vulnerability Exposes MongoDB Credentials to Attackers

Apache NiFi Vulnerability Exposes MongoDB Credentials to Attackers

Published on

SIEM as a Service

Follow Us on Google News

A critical security vulnerability has been identified in Apache NiFi, a popular open-source data integration tool.

The vulnerability, tracked as CVE-2025-27017, allows authorized users with read access to the system to view sensitive credentials used to connect to MongoDB databases.

 This security flaw affects multiple versions of Apache NiFi, prompting urgent action from users to protect their systems.

- Advertisement - Google News

Details of the Vulnerability

The vulnerability causes MongoDB usernames and passwords to be included in NiFi provenance events generated by MongoDB components.

This means that anyone with access to these events can extract the credentials, potentially leading to unauthorized access to MongoDB databases.

The following versions of Apache NiFi are affected:

Affected ProductVersion RangeCVE
Apache NiFi1.13.0 to 2.2.0CVE-2025-27017

To mitigate this vulnerability, users are advised to upgrade to Apache NiFi 2.3.0, which removes these sensitive credentials from provenance event records. This version is not affected by this vulnerability.

The exposure of MongoDB credentials can have serious implications for data security.

Unauthorized access to these databases could lead to data breaches, tampering, or other malicious activities. Therefore, it is crucial for users of affected Apache NiFi versions to take immediate action.

Recommendation

Upgrade to Apache NiFi 2.3.0: The latest version of Apache NiFi removes the storage of MongoDB credentials in provenance records, thereby eliminating the risk posed by this vulnerability.

Monitor System Access: Ensure that only authorized personnel have access to the provenance events, minimizing potential exposure of credentials.

The vulnerability was discovered by Robert Creese, who has been credited with identifying and reporting this critical issue.

The Apache NiFi project team has acted swiftly to address the problem, emphasizing the importance of community involvement in maintaining software security.

By taking proactive measures and updating their systems, users can safeguard their data and prevent potential security breaches related to this vulnerability.

Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free. 

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Threat Actors Attacking U.S. Citizens Via Social Engineering Attack

As Tax Day on April 15 approaches, a alarming cybersecurity threat has emerged targeting...

TerraStealer Strikes: Browser Credential & Sensitive‑Data Heists on the Rise

Insikt Group has uncovered two new malware families, TerraStealerV2 and TerraLogger, attributed to the...

MintsLoader Malware Uses Sandbox and Virtual Machine Evasion Techniques

MintsLoader, a malicious loader first observed in 2024, has emerged as a formidable tool...

Threat Actors Use AiTM Attacks with Reverse Proxies to Bypass MFA

Cybercriminals are intensifying their efforts to undermine multi-factor authentication (MFA) through adversary-in-the-middle (AiTM) attacks,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Threat Actors Attacking U.S. Citizens Via Social Engineering Attack

As Tax Day on April 15 approaches, a alarming cybersecurity threat has emerged targeting...

TerraStealer Strikes: Browser Credential & Sensitive‑Data Heists on the Rise

Insikt Group has uncovered two new malware families, TerraStealerV2 and TerraLogger, attributed to the...

MintsLoader Malware Uses Sandbox and Virtual Machine Evasion Techniques

MintsLoader, a malicious loader first observed in 2024, has emerged as a formidable tool...