
A security vulnerability has been discovered in Apache NiFi, a popular data flow automation tool used by thousands of companies worldwide. The vulnerability, tracked as CVE-2025-27017, affects Apache NiFi versions 1.13.0 through 2.2.0 and could allow unauthorized access to sensitive MongoDB credentials.
NiFi is widely used to automate data pipelines for cybersecurity, observability, event streams, and generative AI applications. The vulnerability stems from the inclusion of MongoDB usernames and passwords in NiFi provenance events, which are records of how data is processed within the system.
“An authorized user with read access to the provenance events of those processors may see the credentials information,” the security advisory warns. This means that an attacker with access to the provenance records could potentially extract the MongoDB credentials and gain unauthorized access to sensitive data stored in the database.
The vulnerability has been addressed in Apache NiFi 2.3.0. Users of affected versions are strongly urged to upgrade to the latest release to mitigate the risk of credential exposure. The 2.3.0 release removes the credentials from provenance event records, preventing them from being accessed by unauthorized users.
Organizations using Apache NiFi should prioritize updating their systems to the latest version to protect their MongoDB credentials and prevent potential data breaches.
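As an added example (not code from the page or from the Apache NiFi project), the following script audits an exported set of provenance event records for MongoDB connection URIs that embed a username and password, reports where they occur without echoing the secret, and produces a redacted copy. The JSON shape of the records is a constructed assumption for this example, not NiFi's actual export format; the scan only depends on walking every string value in each record, and it assumes userinfo is percent-encoded as the URI syntax requires.

```python
import json
import re

# Constructed sample export: three provenance events in an ASSUMED record shape
# (event id, component type, FlowFile attribute map). Not NiFi's real format.
SAMPLE_EVENTS = json.dumps([
    {"eventId": 101, "componentType": "GetMongo",
     "attributes": {"mongo.uri": "mongodb://svc_reader:S3cr3t!@db01.internal:27017/analytics",
                    "filename": "batch-1.json"}},
    {"eventId": 102, "componentType": "PutFile",
     "attributes": {"filename": "batch-1.json", "path": "/data/out"}},
    {"eventId": 103, "componentType": "PutMongo",
     "attributes": {"connection": "mongodb+srv://etl:hunter2@cluster0.example.net/warehouse"}},
])

# mongodb:// or mongodb+srv:// scheme followed by a user[:password]@ section.
# Assumes '@' and '/' inside userinfo are percent-encoded, as RFC 3986 requires.
URI_USERINFO = re.compile(r"(mongodb(?:\+srv)?://)([^/@\s\"']+)@")

def walk_strings(obj, path=""):
    """Yield (json_path, value) for every string nested anywhere in obj."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from walk_strings(v, f"{path}.{k}" if path else k)
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from walk_strings(v, f"{path}[{i}]")
    elif isinstance(obj, str):
        yield path, obj

def find_exposed_credentials(events_json):
    """Return [(event index, json path, username)] for each MongoDB URI that
    carries credentials. The password is deliberately never returned."""
    findings = []
    for idx, event in enumerate(json.loads(events_json)):
        for path, value in walk_strings(event):
            for m in URI_USERINFO.finditer(value):
                username = m.group(2).split(":", 1)[0]
                findings.append((idx, path, username))
    return findings

def redact(events_json):
    """Return the export with every user:password section replaced by a marker,
    so the records can be retained or shared without the secret."""
    return URI_USERINFO.sub(r"\1<REDACTED>@", events_json)

if __name__ == "__main__":
    for idx, path, user in find_exposed_credentials(SAMPLE_EVENTS):
        print(f"event {idx}: credential for user '{user}' found at {path}")
```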