MongoDB Credential Exposure Risk

Security researchers have uncovered a significant vulnerability in Apache NiFi that exposes MongoDB credentials in plaintext. The flaw, tracked as CVE-2025-27017, affects versions 1.13.0 through 2.2.0 of the popular data processing platform. Security researcher Robert Creese found the bug, which is basically a rookie mistake – credentials stored in plaintext within provenance events. Not great.

The vulnerability specifically involves MongoDBControllerService components, which record usernames and passwords in NiFi’s provenance events – the audit trail that tracks data lineage through a workflow. Anyone with authorized access to NiFi and read permission for provenance data can view these exposed credentials. Just sitting there. Like leaving your house keys under the doormat. Organizations should apply the principle of least privilege to the NiFi provenance APIs, using role-based access control so that only the people who genuinely need lineage data can read it. This issue echoes the broader problem seen with MongoDB deployments, which often lack password protection by default.

With a CVSS score of 6.5, this medium-severity issue shouldn’t be underestimated. The attack prerequisites aren’t exactly Fort Knox either. An attacker just needs basic NiFi access and read permissions for provenance endpoints. Internal threats or compromised accounts could easily exploit this vulnerability, potentially gaining unauthorized access to sensitive MongoDB databases. Continuous scanning of systems would help identify such vulnerabilities before they can be exploited.

The impact is particularly concerning for regulated industries handling sensitive data. Exposed credentials could lead to database breaches, data theft, or lateral movement across systems if credentials are reused. Pretty much a security nightmare waiting to happen.

Apache has fixed the issue in NiFi version 2.3.0 by removing credentials from provenance records. Users should upgrade immediately and rotate all MongoDB passwords used in their workflows, because provenance events recorded before the upgrade may still contain the old credentials. Those stuck with older versions? They’re not completely doomed, but they should implement strict access controls for the provenance subsystem.
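As an added example (not code from the article or from the Apache NiFi project), the following Python script shows what a defender would run after reading the two passages above: it scans a batch of provenance events for MongoDB credentials, reports each leak with the secret masked, and lists which accounts need rotation. The event shape and the attribute names (`mongo.uri`, `mongodb.password`) are constructed for the example; real events exported from NiFi’s provenance API are larger JSON objects, so adapt `scan_event` to whatever attributes your flows actually record.

```python
import json
import re

# Constructed sample provenance events. The shape (eventId, eventType,
# componentType, attributes) and the attribute names are assumptions for
# this example, not NiFi's exact provenance schema.
SAMPLE_EVENTS_JSON = """
[
  {"eventId": 101, "eventType": "SEND", "componentType": "PutMongo",
   "attributes": {"mongo.uri": "mongodb://etl_user:Hunter2@mongo.internal:27017/orders",
                  "filename": "orders-2025-03-01.json"}},
  {"eventId": 102, "eventType": "RECEIVE", "componentType": "GetMongo",
   "attributes": {"mongo.database": "orders", "filename": "batch-7.json"}},
  {"eventId": 103, "eventType": "ATTRIBUTES_MODIFIED", "componentType": "UpdateAttribute",
   "attributes": {"mongodb.password": "Hunter2", "mongodb.username": "etl_user"}}
]
"""

# A MongoDB connection string anywhere inside an attribute value.
MONGO_URI = re.compile(r"mongodb(?:\+srv)?://\S+")
# Attribute names that conventionally hold secrets.
SECRET_NAME = re.compile(r"pass(?:word|wd)?|secret|token|credential", re.IGNORECASE)
# user:password@ inside a URI; group 1 is the user name.
EMBEDDED_CREDS = re.compile(r"://([^:/@]+):([^@]*)@")

KIND_URI = "uri-with-embedded-password"
KIND_ATTR = "secret-named-attribute"


def redact_uri(uri: str) -> str:
    """Mask the password in user:password@host URIs; other URIs come back unchanged."""
    return EMBEDDED_CREDS.sub(r"://\1:***@", uri)


def scan_event(event: dict) -> list:
    """Return one finding per leaked credential in a single provenance event."""
    attrs = event.get("attributes", {})
    # Best-effort hint for which account a bare password attribute belongs to.
    user_hint = next((v for k, v in attrs.items() if re.search("user", k, re.IGNORECASE)), None)
    findings = []
    for name, value in attrs.items():
        if not isinstance(value, str) or not value:
            continue
        for uri in MONGO_URI.findall(value):
            if EMBEDDED_CREDS.search(uri):
                findings.append({"eventId": event["eventId"], "attribute": name,
                                 "kind": KIND_URI,
                                 "username": EMBEDDED_CREDS.search(uri).group(1),
                                 "redacted": redact_uri(uri)})
        if SECRET_NAME.search(name):
            findings.append({"eventId": event["eventId"], "attribute": name,
                             "kind": KIND_ATTR, "username": user_hint,
                             "redacted": "***"})
    return findings


def scan_events(events: list) -> list:
    """Scan a list of events; findings never carry the raw secret."""
    out = []
    for ev in events:
        out.extend(scan_event(ev))
    return out


def accounts_to_rotate(findings: list) -> set:
    """Distinct MongoDB user names whose passwords were exposed."""
    return {f["username"] for f in findings if f.get("username")}


def load_sample_events() -> list:
    return json.loads(SAMPLE_EVENTS_JSON)


if __name__ == "__main__":
    results = scan_events(load_sample_events())
    print(json.dumps(results, indent=2))
    print("rotate:", sorted(accounts_to_rotate(results)))
```

The findings carry only masked values, so the report itself can be shared with the team that owns the database without re-leaking the password. The `username` field is what turns the audit into a rotation list: every account that appears must get a new password even after the upgrade to 2.3.0, since the fix stops new events from recording credentials but does not change what earlier events already captured.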

This vulnerability highlights a broader issue: the risks of credential persistence in logging systems. It’s a stark reminder that even security-focused platforms like NiFi can inadvertently expose sensitive information. Organizations running data pipelines should take note. Proper credential handling isn’t optional – it’s essential.
