Cyber Posture

CVE-2025-54428

Severity: Critical
Published: 28 July 2025
Modified: 15 April 2026
KEV Added: not listed
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0010 (28.1st percentile)
Risk Priority: 20 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-54428 is a critical-severity Insufficiently Protected Credentials (CWE-522) vulnerability. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials (T1589.001). EPSS ranks it at the 28.1st percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related: it is categorised as Enterprise AI Assistants, in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-22 (Publicly Accessible Content) and IA-5 (Authenticator Management).

Threat & Defense at a Glance

What attackers do: exploitation maps to Credentials (T1589.001) and two other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: IA-5 mandates secure management of authenticators like database credentials, prohibiting their embedding in source code and requiring use of secret managers to prevent exposure.

Prevent: AC-22 requires review and restriction of publicly accessible content to prevent sensitive information such as hardcoded credentials from being committed to public repositories.

Prevent: SA-10 enforces developer configuration management to control source code changes, reducing the risk of accidentally committing credentials to public repositories.

MITRE ATT&CK Enterprise Techniques

T1589.001 Credentials (Reconnaissance): Adversaries may gather credentials that can be used during targeting.
T1078.004 Cloud Accounts (Stealth): Valid accounts in cloud environments may allow adversaries to perform actions to achieve Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
T1213.006 Databases (Collection): Adversaries may leverage databases to mine valuable information.
Why these techniques?

Exposed MongoDB Atlas credentials in public repository enable reconnaissance to gather victim credentials (T1589.001), use of valid cloud accounts for unauthorized access (T1078.004), and collection of data from databases (T1213.006), potentially facilitating exfiltration, modification, or deletion.

NVD Description

RevelaCode is an AI-powered faith-tech project that decodes biblical verses, prophecies and global events into accessible language. In versions below 1.0.1, a valid MongoDB Atlas URI with embedded username and password was accidentally committed to the public repository. This could allow unauthorized access to production or staging databases, potentially leading to data exfiltration, modification, or deletion. This is fixed in version 1.0.1. Workarounds include: immediately rotating credentials for the exposed database user, using a secret manager (like Vault, Doppler, AWS Secrets Manager, etc.) instead of storing secrets directly in code, or auditing recent access logs for suspicious activity.

Deeper analysis

CVE-2025-54428 affects RevelaCode, an AI-powered faith-tech project that decodes biblical verses, prophecies, and global events into accessible language. In versions below 1.0.1, developers accidentally committed a valid MongoDB Atlas URI containing an embedded username and password to the public GitHub repository. This exposure, mapped to CWE-522 (Insufficiently Protected Credentials), carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to high impacts on confidentiality, integrity, and availability.

Any attacker with internet access can retrieve the exposed credentials from the public repository, enabling unauthorized access to the associated production or staging MongoDB Atlas databases. Successful exploitation could result in full data exfiltration, modification, or deletion, depending on the database user's permissions, without requiring privileges, user interaction, or special conditions.

The vulnerability is fixed in RevelaCode version 1.0.1. Advisories recommend immediate credential rotation for the exposed database user, adoption of secret managers such as Vault, Doppler, or AWS Secrets Manager instead of hardcoding secrets, and auditing recent access logs for suspicious activity. Relevant details are available in the GitHub commit at https://github.com/musombi123/RevelaCode-Backend/commit/95005cf4bacf1b005aef9d4b8e85237c98492d83 and the security advisory at https://github.com/musombi123/RevelaCode-Backend/security/advisories/GHSA-m253-qvcr-cr48.
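The defensive side of this finding, as an added example that is not RevelaCode's code or part of the advisory: a small pre-commit-style Python check that flags MongoDB and Atlas connection strings carrying an embedded username and password (redacting the password so the finding can be logged safely), beside the hardened pattern of reading the URI from the environment that a secret manager populates. The function names, the MONGODB_URI variable and the sample source are assumptions; the `.mongodb.net` suffix is the Atlas cluster domain.

```python
import re
from dataclasses import dataclass
from typing import List, Mapping
from urllib.parse import urlsplit

# Any MongoDB connection string (plain or Atlas "+srv" form); the URI ends at
# whitespace or a quote character so it can be pulled out of a source line.
MONGO_URI_RE = re.compile(r"mongodb(?:\+srv)?://[^\s'\"]+")


@dataclass
class Finding:
    line_no: int
    redacted_uri: str   # safe to print in CI logs: password replaced by ***
    atlas: bool         # hostname under mongodb.net, i.e. an Atlas cluster


def find_embedded_credentials(text: str) -> List[Finding]:
    """Flag every MongoDB URI in `text` whose authority carries user:password@."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in MONGO_URI_RE.finditer(line):
            uri = match.group(0)
            parts = urlsplit(uri)
            if parts.username is None:      # no userinfo section: not a leak
                continue
            redacted = uri
            if parts.password:              # urlsplit returns the raw password
                redacted = uri.replace(parts.password, "***", 1)
            host = parts.hostname or ""
            findings.append(Finding(line_no, redacted, host.endswith(".mongodb.net")))
    return findings


def load_mongo_uri(env: Mapping[str, str]) -> str:
    """Hardened form (assumed variable name): the URI comes from the runtime
    environment, which a secret manager populates at deploy time, never from source."""
    uri = env.get("MONGODB_URI")
    if not uri:
        raise RuntimeError("MONGODB_URI not set; inject it from the secret manager")
    return uri


# Constructed sample source (not RevelaCode code): one hardcoded Atlas URI with
# credentials, and one local development URI without any.
SAMPLE_SOURCE = '''\
MONGO_URI = "mongodb+srv://app_user:s3cr3tPass@cluster0.example.mongodb.net/revela?retryWrites=true"
LOCAL_URI = "mongodb://localhost:27017/dev"
'''
```

Running `find_embedded_credentials` over every staged file in a pre-commit hook and failing the commit on any finding catches this class of leak before it reaches a public repository.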

Details

CWE(s): CWE-522 (Insufficiently Protected Credentials)

Affected Products: RevelaCode, versions below 1.0.1 (inferred from references and description; NVD did not file a CPE for this CVE)

AI Security Analysis

AI Category: Enterprise AI Assistants
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: RevelaCode is an AI-powered application functioning as an assistant for decoding biblical content, fitting the Enterprise AI Assistants category despite the vulnerability being a general secrets exposure issue.

CVEs Like This One

CVE-2025-69271 (shared CWE-522)
CVE-2026-23658 (shared CWE-522)
CVE-2026-32606 (shared CWE-522)
CVE-2025-25650 (shared CWE-522)
CVE-2025-27650 (shared CWE-522)
CVE-2025-54863 (shared CWE-522)
CVE-2025-26492 (shared CWE-522)
CVE-2026-21670 (shared CWE-522)
CVE-2025-36568 (shared CWE-522)
CVE-2025-58130 (shared CWE-522)
