Apache NiFi Security Flaw Exposes MongoDB Credentials 

Security Advisory

A security vulnerability, CVE-2025-27017, has been identified in Apache NiFi.

In affected versions, provenance events retain the usernames and passwords used for MongoDB authentication, violating credential isolation principles.

OEM: Apache
Severity: Medium
CVSS: 6.9
CVEs: CVE-2025-27017
Exploited in Wild: No
Patch/Remediation Available: Yes
Advisory Version: 1.0

Overview 

Apache NiFi, a widely used data flow automation tool, stores MongoDB credentials in provenance events, allowing unauthorized access to them. Versions 1.13.0 through 2.2.0 are affected; the issue has been addressed in version 2.3.0.

Vulnerability Name: Apache NiFi Credential Exposure
CVE ID: CVE-2025-27017
Product Affected: Apache NiFi
Severity: Medium

Technical Summary 

The vulnerability stems from Apache NiFi’s inclusion of MongoDB usernames and passwords in provenance event records.

Any authorized user with read access to these records can extract the credentials, leading to potential unauthorized access to MongoDB databases.

CVE ID: CVE-2025-27017
System Affected: Apache NiFi 1.13.0 – 2.2.0
Vulnerability Details: MongoDB credentials are stored in provenance events, allowing unauthorized extraction by users with read access.
Impact: Unauthorized access to MongoDB databases, potential data breaches.

Remediation

  • Upgrade to Apache NiFi 2.3.0: The latest version removes credentials from provenance events, mitigating the vulnerability. 

General Recommendations: 

  • Restrict access to provenance data: Ensure only authorized personnel can view provenance records. 
  • Rotate MongoDB credentials: If affected versions were in use, change database credentials to prevent unauthorized access. 
  • Conduct security audits: Regularly review system logs and access controls to identify any unauthorized access attempts. 

Conclusion: 

This vulnerability poses a risk to organizations using Apache NiFi for data processing workflows involving MongoDB. Immediate action is recommended to upgrade to version 2.3.0 or later, restrict access to provenance data, and rotate credentials to mitigate any potential exposure. Organizations should implement stringent security measures to protect against similar vulnerabilities in the future.

This security flaw is particularly concerning because provenance events play a crucial role in auditing and monitoring data flows within NiFi. If left unpatched, this vulnerability could result in data breaches, unauthorized modifications, or even complete database compromise.

Critical Apache Tomcat Vulnerabilities Allow RCE & DoS

Summary

OEM: Apache
Severity: Critical
CVSS: 9.8
CVEs: CVE-2024-50379, CVE-2024-54677
Exploited in Wild: Yes
Patch/Remediation Available: Yes
Advisory Version: 1.0

Overview

Recent vulnerabilities in Apache Tomcat, identified as CVE-2024-50379 and CVE-2024-54677, present significant security threats, including remote code execution (RCE) and denial-of-service (DoS) risks. CVE-2024-50379 is a race condition during JSP compilation on case-insensitive file systems that enables attackers to run arbitrary code. CVE-2024-54677 abuses unlimited file uploads in the example applications to trigger resource exhaustion.

Vulnerability Name: Race Condition Vulnerability
CVE ID: CVE-2024-50379
Product Affected: Apache
Severity: Critical
Affected Version: Apache Tomcat 11.0.0-M1 to 11.0.1; Apache Tomcat 10.1.0-M1 to 10.1.33; Apache Tomcat 9.0.0.M1 to 9.0.97

Vulnerability Name: Uncontrolled Resource Consumption Vulnerability
CVE ID: CVE-2024-54677
Product Affected: Apache
Severity: Medium
Affected Version: Apache Tomcat 11.0.0-M1 to 11.0.1; Apache Tomcat 10.1.0-M1 to 10.1.33; Apache Tomcat 9.0.0.M1 to 9.0.97

Technical Summary

CVE ID: CVE-2024-50379
System Affected: Apache Tomcat
Vulnerability Details: A race condition during JSP compilation in Apache Tomcat allows attackers to upload malicious JSP files, leading to remote code execution. This occurs when the default servlet is configured with write permissions on a case-insensitive file system.
Impact: Remote Code Execution

CVE ID: CVE-2024-54677
System Affected: Apache Tomcat
Vulnerability Details: The examples web application in Apache Tomcat does not limit the size of uploaded data, enabling attackers to cause an OutOfMemoryError by uploading excessive amounts of data, leading to a denial of service.
Impact: Denial of Service

Remediation:

  • Upgrade Apache Tomcat to the latest fixed versions:
    • Apache Tomcat 11.0.2 or later
    • Apache Tomcat 10.1.34 or later
    • Apache Tomcat 9.0.98 or later

Recommendations:

  • Configuration Hardening:
    • Restrict write permissions for the default servlet to prevent unauthorized JSP file uploads.
    • Remove or disable example applications to reduce exposure to potential attacks.
  • Monitor and Audit:
    • Regularly review server logs for signs of exploitation attempts.
    • Apply a robust file upload policy to limit sizes and validate content.
  • Regularly update all software to address security vulnerabilities.
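As an added illustration (not from the advisory or the Tomcat project), the following Python check audits the two configuration-hardening items above: a default servlet with write access enabled and a deployed examples application. The `readonly` init-param of Tomcat's DefaultServlet is real and defaults to true; the web.xml fragments and webapps listings are constructed samples.

```python
"""Audit a Tomcat conf/web.xml and a webapps/ directory listing for the two
weak settings named in the advisory: a writable default servlet
(readonly=false, the precondition for CVE-2024-50379) and a deployed
'examples' application (the target of CVE-2024-54677).
Illustrative code with constructed inputs, not part of Apache Tomcat."""
import xml.etree.ElementTree as ET


def _local(tag):
    # web.xml declares a Java EE / Jakarta EE default namespace; compare local names only.
    return tag.rsplit('}', 1)[-1]


def default_servlet_readonly(web_xml):
    """Effective 'readonly' value of the servlet named 'default'.
    Tomcat's documented default is true when the init-param is absent."""
    root = ET.fromstring(web_xml)
    for servlet in root.iter():
        if _local(servlet.tag) != 'servlet':
            continue
        name = next((c.text for c in servlet if _local(c.tag) == 'servlet-name'), None)
        if (name or '').strip() != 'default':
            continue
        for param in servlet:
            if _local(param.tag) != 'init-param':
                continue
            kv = {_local(c.tag): (c.text or '').strip() for c in param}
            if kv.get('param-name') == 'readonly':
                return kv.get('param-value', 'true').lower() != 'false'
    return True


def audit(web_xml, webapps):
    """Return (CVE id, finding) pairs for each weak setting present."""
    findings = []
    if not default_servlet_readonly(web_xml):
        findings.append(('CVE-2024-50379', 'default servlet readonly=false: PUT/DELETE enabled'))
    if 'examples' in webapps:
        findings.append(('CVE-2024-54677', 'examples web application is deployed'))
    return findings


# Constructed sample: the weak configuration (not Tomcat's shipped web.xml).
WEAK_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""
# Corrected form: readonly restored to true (equivalently, omit the init-param).
HARDENED_WEB_XML = WEAK_WEB_XML.replace('<param-value>false</param-value>', '<param-value>true</param-value>')

if __name__ == '__main__':
    print(audit(WEAK_WEB_XML, ['ROOT', 'examples', 'docs']))   # two findings
    print(audit(HARDENED_WEB_XML, ['ROOT']))                   # []
```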
