A critical security vulnerability has been identified in Apache NiFi, a popular open-source data integration tool.
The vulnerability, tracked as CVE-2025-27017, allows authorized users with read access to the system to view sensitive credentials used to connect to MongoDB databases.
This security flaw affects multiple versions of Apache NiFi, prompting urgent action from users to protect their systems.
Details of the Vulnerability
The vulnerability causes MongoDB usernames and passwords to be included in NiFi provenance events generated by MongoDB components.
As a result, anyone with access to these events can extract the credentials, potentially leading to unauthorized access to MongoDB databases.
The following versions of Apache NiFi are affected:
Affected Product | Version Range | CVE |
Apache NiFi | 1.13.0 to 2.2.0 | CVE-2025-27017 |
To mitigate this vulnerability, users are advised to upgrade to Apache NiFi 2.3.0, which removes these sensitive credentials from provenance event records. This version is not affected by this vulnerability.
The exposure of MongoDB credentials can have serious implications for data security.
Unauthorized access to these databases can lead to data breaches, tampering, or other malicious activities. Therefore, it is crucial for users of affected Apache NiFi versions to take immediate action.
Recommendation
Upgrade to Apache NiFi 2.3.0: The latest version of Apache NiFi removes the storage of MongoDB credentials in provenance records, thereby eliminating the risk posed by this vulnerability.
Monitor System Access: Ensure that only authorized personnel have access to the provenance events, minimizing potential exposure of credentials.
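To decide which MongoDB accounts need their passwords rotated, a defender can scan an export of provenance events for MongoDB connection strings that carry credentials. The script below is an added example, not code from the Apache NiFi project; the JSON field names (`eventId`, `componentType`, `transitUri`, `attributes`) and the sample events are constructed assumptions, and the scan walks every string field so it does not depend on where the credentials appear.

```python
import json
import re

# Matches mongodb:// or mongodb+srv:// URIs that carry user:password@ userinfo.
MONGO_CRED = re.compile(r"(mongodb(?:\+srv)?://)([^:/@\s]+):([^@/\s]+)@")

# Constructed sample export; the field names are assumptions for illustration.
SAMPLE_EVENTS = json.loads("""[
  {"eventId": 101, "componentType": "PutMongo", "eventType": "SEND",
   "transitUri": "mongodb://etl_user:S3cr%40t@db1.example.internal:27017/sales"},
  {"eventId": 102, "componentType": "GetMongo", "eventType": "RECEIVE",
   "transitUri": "mongodb://db1.example.internal:27017/sales"},
  {"eventId": 103, "componentType": "PutFile", "eventType": "SEND",
   "attributes": {"note": "copied from mongodb+srv://svc:pw123@cluster0.example.net/x"}}
]""")


def iter_strings(value):
    """Yield every string nested anywhere inside a decoded JSON value."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for item in value.values():
            yield from iter_strings(item)
    elif isinstance(value, list):
        for item in value:
            yield from iter_strings(item)


def redact(text):
    """Replace the password part of any MongoDB URI with a fixed marker."""
    return MONGO_CRED.sub(r"\1\2:<redacted>@", text)


def find_exposed(events):
    """Return (eventId, componentType, username) for each leaked credential."""
    findings = []
    for event in events:
        for text in iter_strings(event):
            for match in MONGO_CRED.finditer(text):
                findings.append(
                    (event.get("eventId"), event.get("componentType"), match.group(2))
                )
    return findings


if __name__ == "__main__":
    for event_id, component, user in find_exposed(SAMPLE_EVENTS):
        print(f"event {event_id} ({component}): password for '{user}' exposed, rotate it")
```

The report names only the account, never the password, and `redact` can be applied to any line before it is copied into a ticket or shared log.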
The vulnerability was discovered by Robert Creese, who has been credited with identifying and reporting this critical issue.
The Apache NiFi project team has acted swiftly to address the problem, emphasizing the importance of community involvement in maintaining software security.
By taking proactive measures and updating their systems, users can safeguard their data and prevent potential security breaches related to this vulnerability.