Cyber Security News

Apache NiFi Vulnerability Exposes MongoDB Credentials to Attackers

A critical security vulnerability has been identified in Apache NiFi, a popular open-source data integration tool.

The vulnerability, tracked as CVE-2025-27017, allows authorized users with read access to the system to view sensitive credentials used to connect to MongoDB databases.

 This security flaw affects multiple versions of Apache NiFi, prompting urgent action from users to protect their systems.

Details of the Vulnerability

The vulnerability causes MongoDB usernames and passwords to be included in NiFi provenance events generated by MongoDB components.

This means that anyone with access to these events can extract the credentials, potentially leading to unauthorized access to MongoDB databases.

The following versions of Apache NiFi are affected:

Affected ProductVersion RangeCVE
Apache NiFi1.13.0 to 2.2.0CVE-2025-27017

To mitigate this vulnerability, users are advised to upgrade to Apache NiFi 2.3.0, which removes these sensitive credentials from provenance event records. This version is not affected by this vulnerability.

The exposure of MongoDB credentials can have serious implications for data security.

Unauthorized access to these databases could lead to data breaches, tampering, or other malicious activities. Therefore, it is crucial for users of affected Apache NiFi versions to take immediate action.

Recommendation

Upgrade to Apache NiFi 2.3.0: The latest version of Apache NiFi removes the storage of MongoDB credentials in provenance records, thereby eliminating the risk posed by this vulnerability.

Monitor System Access: Ensure that only authorized personnel have access to the provenance events, minimizing potential exposure of credentials.

The vulnerability was discovered by Robert Creese, who has been credited with identifying and reporting this critical issue.

The Apache NiFi project team has acted swiftly to address the problem, emphasizing the importance of community involvement in maintaining software security.

By taking proactive measures and updating their systems, users can safeguard their data and prevent potential security breaches related to this vulnerability.

Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free. 

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

CefSharp Enumeration Tool Identifies Critical Security Issues in .NET Desktop Applications

Cybersecurity researchers and red teamers, a newly released tool named CefEnum is shedding light on…

9 hours ago

Russian Hackers Exploit Oracle Cloud Infrastructure to Target Scaleway Object Storage

Russian threat actors have been leveraging trusted cloud infrastructure platforms like Oracle Cloud Infrastructure (OCI)…

9 hours ago

Critical Vulnerability in Netwrix Password Manager Enables Authenticated Remote Code Execution

A critical security vulnerability has been discovered in Netwrix Password Secure, a widely used enterprise…

9 hours ago

Cityworks Zero-Day Vulnerability Used by UAT-638 Hackers to Infect IIS Servers with Shell Malware

Cisco Talos has uncovered active exploitation of a zero-day remote-code-execution vulnerability, identified as CVE-2025-0994, in…

10 hours ago

Researchers Warn of ‘Smiao Network’ Cyber Threat Against Taiwan’s Federal Staff

The Foundation for Defense of Democracies (FDD) and cybersecurity firm TeamT5 has exposed an intricate…

10 hours ago

Vidar and StealC Malware Delivered Through Viral TikTok Videos by Hackers

A sophisticated social engineering campaign that leverages the viral power of TikTok to distribute dangerous…

11 hours ago