Apache StreamPark: Use hard-coded key vulnerability_CVE-2025-54947

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain this key through reverse engineering or code analysis, potentially decrypting sensitive data or forging encrypted information, leading to information disclosure or unauthorized system access.

This issue affects Apache StreamPark: from 2.0.0 before 2.1.7.

Users are recommended to upgrade to version 2.1.7, which fixes the issue.

Basic Information

ID CVE-2025-54947

Source apache

Published Dec 12, 2025 at 15:11

Modified Dec 12, 2025 at 18:48

Affected Product

Vendor Apache Software Foundation

Product Apache StreamPark

Version 2.0.0

Affected Versions Apache Software Foundation Apache StreamPark 2.0.0

CWE Classification

CWE-321

References

lists.apache.org /thread/kdntmzyzrco75x9q6mc6s8lty1fxmog1

{
    "lastseen": "",
    "description": "In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain this key through reverse engineering or code analysis, potentially decrypting sensitive data or forging encrypted information, leading to information disclosure or unauthorized system access.\n\nThis issue affects Apache StreamPark: from 2.0.0 before 2.1.7.\n\nUsers are recommended to upgrade to version 2.1.7, which fixes the issue.",
    "published": "2025-12-12T15:11:38.279Z",
    "modified": "2025-12-12T18:48:51.364Z",
    "type": "cve",
    "title": "Apache StreamPark: Use hard-coded key vulnerability",
    "source": "apache",
    "references": "https://lists.apache.org/thread/kdntmzyzrco75x9q6mc6s8lty1fxmog1",
    "id": "CVE-2025-54947",
    "bulletinFamily": "",
    "cwe": [
        "CWE-321"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache StreamPark 2.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache StreamPark",
    "version": "2.0.0",
    "vendor": "Apache Software Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}