Cyber Resilience

CVE-2025-54428

Severity: Critical
Published: 28 July 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: fixed in version 1.0.1
CVSS v3.1 base score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0041 (62.0th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-54428 is a critical-severity Insufficiently Protected Credentials (CWE-522) vulnerability. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique T1589.001 (Gather Victim Identity Information: Credentials). The CVE ranks in the top 38.0% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

This vulnerability is classified as AI-related (AI category: Other Platforms; risk domain: Privacy and Disclosure).

The strongest mitigations our analysis identified are NIST 800-53 AC-22 (Publicly Accessible Content) and IA-5 (Authenticator Management).

Deeper analysis

CVE-2025-54428 affects RevelaCode, an AI-powered faith-tech project that decodes biblical verses, prophecies, and global events into accessible language. In versions below 1.0.1, developers accidentally committed a valid MongoDB Atlas URI containing an embedded username and password to the public GitHub repository. This exposure, mapped to CWE-522 (Insufficiently Protected Credentials), carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to high impacts on confidentiality, integrity, and availability.

Any attacker with internet access can retrieve the exposed credentials from the public repository, enabling unauthorized access to the associated production or staging MongoDB Atlas databases. Successful exploitation could result in full data exfiltration, modification, or deletion, depending on the database user's permissions, without requiring privileges, user interaction, or special conditions.

The vulnerability is fixed in RevelaCode version 1.0.1. Advisories recommend immediate credential rotation for the exposed database user, adoption of secret managers such as Vault, Doppler, or AWS Secrets Manager instead of hardcoding secrets, and auditing recent access logs for suspicious activity. Relevant details are available in the GitHub commit at https://github.com/musombi123/RevelaCode-Backend/commit/95005cf4bacf1b005aef9d4b8e85237c98492d83 and security advisory at https://github.com/musombi123/RevelaCode-Backend/security/advisories/GHSA-m253-qvcr-cr48.
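The root cause described above is a connection string with an inline username and password sitting in source control, and the advisory's remediation is to rotate the credential and move it to a secret manager. As an added defender-side example (not code from RevelaCode or its advisory), the following Python script implements the kind of check that catches this class of defect before a commit reaches a public repository: it scans source text for mongodb:// and mongodb+srv:// connection strings that carry an inline username and password, reports each hit with the password masked, and leaves credential-free URIs and environment-variable lookups alone. The sample source it scans, including the cluster host, user and password in it, is constructed for this example; none of it is the credential from the advisory.

```python
"""Detect MongoDB connection strings with embedded credentials in source text.

Added example for this record; not code from the RevelaCode project. The sample
"source file" below is constructed, and the host/user/password values in it are
placeholders, not the credential disclosed in the advisory.
"""
import re

# mongodb:// or mongodb+srv:// followed by "<user>:<password>@" before the host list.
# A credential-free URI such as mongodb://localhost:27017/app has no '@' and is not matched.
CREDENTIALED_URI = re.compile(
    r"(?P<prefix>mongodb(?:\+srv)?://)"
    r"(?P<user>[^\s:/@'\"]+):"
    r"(?P<password>[^\s/@'\"]+)@"
    r"(?P<rest>[^\s'\"]+)"
)


def redact(match):
    """Keep scheme, user and host (needed to know which account to rotate); mask the password."""
    return f"{match.group('prefix')}{match.group('user')}:***@{match.group('rest')}"


def find_embedded_credentials(text):
    """Return [(line_no, user, redacted_uri)] for every credentialed MongoDB URI in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in CREDENTIALED_URI.finditer(line):
            findings.append((lineno, m.group("user"), redact(m)))
    return findings


def scan_files(paths):
    """Scan files on disk (e.g. the staged files in a pre-commit hook).

    Returns {path: findings} for files with at least one hit; unreadable files are skipped.
    """
    results = {}
    for path in paths:
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = find_embedded_credentials(fh.read())
        except OSError:
            continue
        if hits:
            results[path] = hits
    return results


# Constructed sample: one hardcoded Atlas-style URI (the anti-pattern) next to the
# corrected form that reads the connection string from the environment at runtime.
SAMPLE_SOURCE = '''
import os
from pymongo import MongoClient

# BAD: credential in source control; anyone who can read the repo can log in.
client = MongoClient("mongodb+srv://app_user:Pl4ceholder!@cluster0.example.mongodb.net/revela?retryWrites=true")

# GOOD: secret injected at runtime (Vault, Doppler, AWS Secrets Manager, CI secret, ...).
client = MongoClient(os.environ["MONGODB_URI"])

# Not a finding: no credentials embedded.
local = MongoClient("mongodb://localhost:27017/revela_dev")
'''


if __name__ == "__main__":
    for lineno, user, uri in find_embedded_credentials(SAMPLE_SOURCE):
        print(f"line {lineno}: user '{user}' -> {uri}")
```

Run against the constructed sample, only the hardcoded URI on line 6 is reported, as `mongodb+srv://app_user:***@cluster0.example.mongodb.net/revela?retryWrites=true`. Wiring `scan_files` over the staged file list in a pre-commit hook blocks the commit before it lands; it does not replace the rotation step the advisory calls for, because a credential that has already been pushed stays in repository history even after the offending line is deleted.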

Vulnerability details

RevelaCode is an AI-powered faith-tech project that decodes biblical verses, prophecies and global events into accessible language. In versions below 1.0.1, a valid MongoDB Atlas URI with embedded username and password was accidentally committed to the public repository. This could allow unauthorized access to production or staging databases, potentially leading to data exfiltration, modification, or deletion. This is fixed in version 1.0.1. Workarounds include: immediately rotating credentials for the exposed database user, using a secret manager (like Vault, Doppler, AWS Secrets Manager, etc.) instead of storing secrets directly in code, or auditing recent access logs for suspicious activity.

CWE(s)

CWE-522 Insufficiently Protected Credentials

AI Security Analysis

AI Category: Other Platforms
Risk Domain: Privacy and Disclosure
OWASP Top 10 for LLMs 2025: none mapped
Classification Reason: matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise Techniques

T1589.001 Credentials (Reconnaissance): Adversaries may gather credentials that can be used during targeting.
T1078.004 Cloud Accounts (Stealth): Valid accounts in cloud environments may allow adversaries to perform actions to achieve Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
T1213.006 Databases (Collection): Adversaries may leverage databases to mine valuable information.
Why these techniques?

MongoDB Atlas credentials exposed in a public repository let an adversary gather victim credentials during reconnaissance (T1589.001), use the resulting valid cloud account for unauthorized access (T1078.004), and collect data from the database (T1213.006), potentially leading to exfiltration, modification, or deletion.

CVEs Like This One

CVE-2026-23958 (shared CWE-522)
CVE-2026-35467 (shared CWE-522)
CVE-2026-21670 (shared CWE-522)
CVE-2026-39462 (shared CWE-522)
CVE-2026-32171 (shared CWE-522)
CVE-2026-33575 (shared CWE-522)
CVE-2025-54863 (shared CWE-522)
CVE-2025-0498 (shared CWE-522)
CVE-2025-13478 (shared CWE-522)
CVE-2024-23733 (shared CWE-522)

Affected Assets

RevelaCode (RevelaCode-Backend), versions below 1.0.1. Inferred from references and description; NVD did not file a CPE for this CVE.

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Prevent: IA-5 (Authenticator Management) mandates secure management of authenticators such as database credentials, prohibiting their embedding in source code and calling for secret managers to prevent exposure.

Prevent: AC-22 (Publicly Accessible Content) requires review and restriction of publicly accessible content, so that sensitive information such as hardcoded credentials is not committed to public repositories.

Prevent: SA-10 (Developer Configuration Management) enforces developer configuration management to control source code changes, reducing the risk of accidentally committing credentials to public repositories.

References

Fix commit: https://github.com/musombi123/RevelaCode-Backend/commit/95005cf4bacf1b005aef9d4b8e85237c98492d83
GitHub security advisory: https://github.com/musombi123/RevelaCode-Backend/security/advisories/GHSA-m253-qvcr-cr48