CVE-2025-27017

Apache NiFi 1.13.0 through 2.2.0 includes the username and password used to authenticate with MongoDB in the NiFi provenance events that MongoDB components generate during processing. An authorized user with read access to the provenance events of those processors may see the credentials information. Upgrading to Apache NiFi 2.3.0 is the recommended mitigation, which removes the credentials from provenance event records.

Published: Mar 12, 2025
Updated: Aug 11, 2025
CVE: CVE-2025-27017
GHSA: GHSA-35gq-cvrm-xf94
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-538

Affected Software
References

Software	From	Fixed in
org.apache.nifi / nifi-mongodb-services	1.13.0	2.3.0
apache / nifi	1.13.0	2.3.0

http://www.openwall.com/lists/oss-security/2025/03/11/1
https://github.com/apache/nifi/commit/48d684500f6ad70f65bfd510db054590c5bc74a9
https://issues.apache.org/jira/browse/NIFI-14272
https://lists.apache.org/thread/d4n5474jkhp82dvnht13pjtlfx7bhn5q

Vulnerability Database

CVE-2025-27017