Information Disclosure

🗓️ 18 Mar 2025 02:46:17Reported by Veracode Vulnerability DatabaseType

veracode

veracode🔗 sca.analysiscenter.veracode.com👁 18 Views

Vulnerability in NiFi allows authorized users to access MongoDB authentication credentials.

Reporter	Title	Published	Views	Family All 15
Circl	CVE-2025-27017	11 Mar 202515:36	–	circl
CNNVD	Apache NiFi 安全漏洞	12 Mar 202500:00	–	cnnvd
CVE	CVE-2025-27017	12 Mar 202516:19	–	cve
Cvelist	CVE-2025-27017 Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record	12 Mar 202516:19	–	cvelist
EUVD	EUVD-2025-7727	3 Oct 202520:07	–	euvd
Github Security Blog	Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record	12 Mar 202518:32	–	github
NVD	CVE-2025-27017	12 Mar 202517:15	–	nvd
OSV	GHSA-35GQ-CVRM-XF94 Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record	12 Mar 202518:32	–	osv
Positive Technologies	PT-2025-11109 · Apache · Apache Nifi	11 Mar 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-27017	14 Mar 202522:26	–	redhatcve

Vulners

Node

apache nifi-mongodb-servicesRange1.13.0–2.2.0java

OR

apache nifi-mongodb-servicesMatch1.13.0java

OR

apache nifi-mongodb-servicesMatch1.13.1java

OR

apache nifi-mongodb-servicesMatch1.13.2java

OR

apache nifi-mongodb-servicesMatch1.14.0java

OR

apache nifi-mongodb-servicesMatch1.15.0java

OR

apache nifi-mongodb-servicesMatch1.15.1java

OR

apache nifi-mongodb-servicesMatch1.15.2java

OR

apache nifi-mongodb-servicesMatch1.15.3java

OR

apache nifi-mongodb-servicesMatch1.16.0java

OR

apache nifi-mongodb-servicesMatch1.16.1java

OR

apache nifi-mongodb-servicesMatch1.16.2java

OR

apache nifi-mongodb-servicesMatch1.16.3java

OR

apache nifi-mongodb-servicesMatch1.17.0java

OR

apache nifi-mongodb-servicesMatch1.18.0java

OR

apache nifi-mongodb-servicesMatch1.19.0java

OR

apache nifi-mongodb-servicesMatch1.19.1java

OR

apache nifi-mongodb-servicesMatch1.20.0java

OR

apache nifi-mongodb-servicesMatch1.21.0java

OR

apache nifi-mongodb-servicesMatch1.22.0java

OR

apache nifi-mongodb-servicesMatch1.23.0java

OR

apache nifi-mongodb-servicesMatch1.23.1java

OR

apache nifi-mongodb-servicesMatch1.23.2java

OR

apache nifi-mongodb-servicesMatch1.24.0java

OR

apache nifi-mongodb-servicesMatch1.25.0java

OR

apache nifi-mongodb-servicesMatch1.26.0java

OR

apache nifi-mongodb-servicesMatch1.27.0java

OR

apache nifi-mongodb-servicesMatch1.28.0java

OR

apache nifi-mongodb-servicesMatch1.28.1java

OR

apache nifi-mongodb-servicesMatch2.0.0java

OR

apache nifi-mongodb-servicesMatch2.0.0-m1java

OR

apache nifi-mongodb-servicesMatch2.0.0-m2java

OR

apache nifi-mongodb-servicesMatch2.0.0-m3java

OR

apache nifi-mongodb-servicesMatch2.0.0-m4java

OR

apache nifi-mongodb-servicesMatch2.1.0java

Source	Link
openwall	www.openwall.com/lists/oss-security/2025/03/11/1
github	www.github.com/apache/nifi/commit/48d684500f6ad70f65bfd510db054590c5bc74a9
issues	www.issues.apache.org/jira/browse/NIFI-14272
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-27017
lists	www.lists.apache.org/thread/d4n5474jkhp82dvnht13pjtlfx7bhn5q
github	www.github.com/apache/nifi

13 Dec 2025 04:20Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.16.5

CVSS 46.9

EPSS0.00099

SSVC

information disclosure nifi vulnerability mongodb credentials sensitive information