A critical vulnerability (CVE-2025-27017) in Apache NiFi exposes MongoDB authentication credentials through system provenance records, impacting versions 1.13.0 through 2.2.0. The flaw allows authorized users with provenance event access to extract sensitive database credentials, creating secondary attack vectors for potential data breaches. Technical Analysis The vulnerability stems from MongoDBControllerService components storing cleartext credentials in NiFi’s … Continue reading Apache NiFi Vulnerability Exposes MongoDB Credentials to Attackers