Database Access Vulnerability in RevelaCode by Musombi
CVE-2025-54428
Currently unrated
What is CVE-2025-54428?
In versions prior to 1.0.1, the RevelaCode project unintentionally exposed a valid MongoDB Atlas URI, including embedded username and password, in a public repository. This exposure poses a risk of unauthorized access to sensitive production or staging databases, which could result in data exfiltration, modification, or deletion. Users are advised to rotate credentials immediately for the compromised database user and adopt a secret management solution, such as Vault, Doppler, or AWS Secrets Manager, to prevent future occurrences. Additionally, reviewing recent access logs for any suspicious activity is recommended to ensure data integrity.
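An added example, not part of the advisory or the RevelaCode project: a small Python scanner that flags MongoDB connection strings carrying a literal password, the kind of exposure described above, and reports them without echoing the secret. The function names, the placeholder list and the sample lines are assumptions constructed for illustration.

```python
import os
import re
from urllib.parse import unquote

# mongodb:// or mongodb+srv:// followed by user:password@host
MONGO_URI = re.compile(
    r"mongodb(?:\+srv)?://(?P<user>[^\s:@/'\"]+):(?P<pw>[^\s@/'\"]+)@(?P<host>[^\s/?'\"]+)"
)
# Template slots and env references are not secrets (this list is an assumption).
PLACEHOLDER = re.compile(r"^(<[^>]*>|\$\{[^}]*\}|\$\w+|\{\{.*\}\}|\*+)$")

def find_embedded_credentials(text, source="<memory>"):
    """Return one finding per MongoDB URI that carries a literal password."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in MONGO_URI.finditer(line):
            if PLACEHOLDER.match(unquote(m.group("pw"))):
                continue
            prefix = line[m.start():m.start("pw")]  # scheme + "user:"
            findings.append({
                "source": source,
                "line": lineno,
                "user": unquote(m.group("user")),
                "host": m.group("host"),
                # The password itself is never copied into the report.
                "redacted": f"{prefix}****@{m.group('host')}",
            })
    return findings

def scan_tree(root):
    """Scan every readable file under root, skipping the .git directory."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    findings += find_embedded_credentials(fh.read(), path)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
    return findings

# Constructed sample lines (not taken from the RevelaCode repository).
SAMPLE = '''\
MONGO_URI = "mongodb+srv://app_user:S3cr3t%21pass@cluster0.example.mongodb.net/appdb"
TEMPLATE = "mongodb+srv://<username>:<password>@cluster0.example.mongodb.net/"
LOCAL_DEV = "mongodb://localhost:27017/dev"
'''
```

Call `scan_tree(".")` from the repository root before pushing or in CI. A clean working tree says nothing about earlier commits, so a credential that was ever pushed still needs rotating.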