Apache NiFi Vulnerability Exposes MongoDB Credentials

Summary: A security vulnerability (CVE-2025-27017) has been identified in Apache NiFi versions 1.13.0 to 2.2.0, which may allow unauthorized access to MongoDB credentials embedded in provenance events. This exposure could lead to significant security risks for organizations utilizing NiFi to manage data flows. Users are advised to upgrade to version 2.3.0, which addresses this issue by removing sensitive information from provenance records.

Affected: Apache NiFi users and organizations utilizing data flow automation.

Key points:

  • Vulnerability tracked as CVE-2025-27017 affects Apache NiFi versions 1.13.0 to 2.2.0.
  • Unauthorized users can access sensitive MongoDB credentials stored in provenance events.
  • Upgrade to Apache NiFi 2.3.0 to mitigate risks and protect against data breaches.

Source: https://securityonline.info/cve-2025-27017-apache-nifi-vulnerability-exposes-mongodb-credentials/