PT-2025-31153 · Mongodb+1 · Mongodb Atlas+1
Published: 2025-07-28 · Updated: 2025-07-28 · CVE-2025-54428
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
RevelaCode versions prior to 1.0.1
Description
RevelaCode is an AI-powered faith-tech project that decodes biblical verses, prophecies and global events into accessible language. A valid MongoDB Atlas URI with embedded username and password was accidentally committed to the public repository in versions prior to 1.0.1. This could allow unauthorized access to production or staging databases, potentially leading to data exfiltration, modification, or deletion.
Recommendations
Versions prior to 1.0.1: Immediately rotate credentials for the exposed database user.
Versions prior to 1.0.1: Use a secret manager instead of storing secrets directly in code.
Versions prior to 1.0.1: Audit recent access logs for suspicious activity.
Exploit
Fix
Insufficiently Protected Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Mongodb Atlas
Revelacode