A critical security vulnerability has been identified in Apache NiFi, a popular open-source data integration tool.
The vulnerability, tracked as CVE-2025-27017, allows authorized users with read access to the system to view sensitive credentials used to connect to MongoDB databases.
https://gbhackers.com/apache-nifi-vulnerability/