Security Advisory
A security vulnerability, CVE-2025-27017, has been identified in Apache NiFi: provenance event records retain the usernames and passwords used for MongoDB authentication, violating credential isolation principles.
| Field | Value |
|---|---|
| OEM | Apache |
| Severity | Medium |
| CVSS | 6.9 |
| CVEs | CVE-2025-27017 |
| Exploited in Wild | No |
| Patch/Remediation Available | Yes |
| Advisory Version | 1.0 |
Overview
Apache NiFi, a widely used data flow automation tool, exposes MongoDB credentials through provenance events, allowing unauthorized access to those credentials. Versions 1.13.0 through 2.2.0 are affected; the issue is addressed in version 2.3.0.
| Vulnerability Name | CVE ID | Product Affected | Severity |
|---|---|---|---|
| Apache NiFi Credential Exposure | CVE-2025-27017 | Apache NiFi | Medium |
Technical Summary
The vulnerability stems from Apache NiFi's inclusion of MongoDB usernames and passwords in provenance event records.
Any authorized user with read access to these records can extract the credential information, leading to potential unauthorized access to MongoDB databases.
| CVE ID | System Affected | Vulnerability Details | Impact |
|---|---|---|---|
| CVE-2025-27017 | Apache NiFi 1.13.0 – 2.2.0 | MongoDB credentials are stored in provenance events, allowing unauthorized extraction by users with read access. | Unauthorized access to MongoDB databases, potential data breaches. |
Remediation:
General Recommendations:
Conclusion:
This vulnerability poses a risk to organizations using Apache NiFi for data processing workflows involving MongoDB. Immediate action is recommended to upgrade to version 2.3.0 or later, restrict access to provenance data, and rotate credentials to mitigate any potential exposure. Organizations should implement stringent security measures to protect against similar vulnerabilities in the future.
This security flaw is particularly concerning because provenance events play a crucial role in auditing and monitoring data flows within NiFi. If left unpatched, this vulnerability could result in data breaches, unauthorized modifications, or even complete database compromise.
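The following script is an added example written for this advisory; it is not Apache NiFi code and not part of the original advisory. It illustrates the two defensive steps the conclusion calls for, auditing provenance data and deciding which credentials to rotate, against a small set of constructed provenance events shaped like the JSON the NiFi REST API returns. The attribute names (mongo.uri, mongo.username, mongo.password), component names and credential values are assumptions chosen for illustration; adapt the patterns to the attribute names your own flows produce.

```python
import copy
import json
import re

# Constructed sample data: three simplified NiFi-style provenance events.
# The attribute names, component names and credential values are assumptions
# chosen for illustration, not values taken from the advisory or from NiFi.
SAMPLE_EVENTS = json.loads("""
[
  {"eventId": 101, "eventType": "SEND", "componentName": "PutMongo",
   "updatedAttributes": {
     "mongo.uri": "mongodb://svc_user:S3cretPass@mongo.internal:27017/app"}},
  {"eventId": 102, "eventType": "FETCH", "componentName": "GetMongo",
   "updatedAttributes": {
     "mongo.username": "reader", "mongo.password": "hunter2"}},
  {"eventId": 103, "eventType": "ATTRIBUTES_MODIFIED", "componentName": "UpdateAttribute",
   "updatedAttributes": {
     "filename": "report.csv",
     "mongo.uri": "mongodb://mongo.internal:27017/app"}}
]
""")

# Attribute keys whose value is itself a secret.
SECRET_KEY_RE = re.compile(r"(pass(word)?|pwd|secret|token)$", re.IGNORECASE)
# Attribute keys that name an account (needed for the rotation list).
USER_KEY_RE = re.compile(r"user(name)?$", re.IGNORECASE)
# MongoDB connection string carrying user:password before the host.
MONGO_URI_CREDS_RE = re.compile(r"^(mongodb(?:\+srv)?://)([^:/@]+):([^@]*)@(.+)$")

REDACTED = "[REDACTED]"


def redact_mongo_uri(value):
    """Return (redacted_uri, username) if the URI embeds credentials,
    otherwise (value, None)."""
    m = MONGO_URI_CREDS_RE.match(value)
    if not m:
        return value, None
    scheme, user, _password, rest = m.groups()
    return f"{scheme}{REDACTED}:{REDACTED}@{rest}", user


def audit_events(events):
    """Scan provenance events for MongoDB credential material.

    Returns (findings, accounts): findings is a list of
    (eventId, attribute, kind) tuples; accounts is the sorted list of
    usernames seen, i.e. the accounts whose passwords should be rotated.
    """
    findings, accounts = [], set()
    for event in events:
        for key, value in event.get("updatedAttributes", {}).items():
            if not isinstance(value, str):
                continue
            _, user = redact_mongo_uri(value)
            if user is not None:
                findings.append((event["eventId"], key, "credentials_in_uri"))
                accounts.add(user)
            elif SECRET_KEY_RE.search(key):
                findings.append((event["eventId"], key, "secret_attribute"))
            elif USER_KEY_RE.search(key):
                accounts.add(value)
    return findings, sorted(accounts)


def redact_events(events):
    """Return a deep copy with usernames and passwords replaced, for use
    before handing provenance exports to anyone who does not need them."""
    cleaned = copy.deepcopy(events)
    for event in cleaned:
        attrs = event.get("updatedAttributes", {})
        for key, value in list(attrs.items()):
            if not isinstance(value, str):
                continue
            redacted, user = redact_mongo_uri(value)
            if user is not None:
                attrs[key] = redacted
            elif SECRET_KEY_RE.search(key) or USER_KEY_RE.search(key):
                attrs[key] = REDACTED
    return cleaned


if __name__ == "__main__":
    found, accounts = audit_events(SAMPLE_EVENTS)
    for event_id, attr, kind in found:
        print(f"event {event_id}: attribute '{attr}' -> {kind}")
    print("accounts to rotate:", ", ".join(accounts))
    print(json.dumps(redact_events(SAMPLE_EVENTS), indent=2))
```

Run against a real export, the audit output tells you which processors are writing credentials into provenance and which MongoDB accounts to rotate after upgrading to 2.3.0; the redaction pass is for the interval before the upgrade, when provenance data still has to be shared with users who only need the flow history.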
References: