Weak Encryption Vulnerability in Apache StreamPark Affects Sensitive Data Protection
CVE-2025-53960

5.9 MEDIUM

Key Information:

Vendor: Apache

CVE Published: 12 December 2025

What is CVE-2025-53960?

This vulnerability in Apache StreamPark arises from the use of weak encryption keys, which are either fixed or derived directly from user passwords. An attacker may obtain these keys through various means, including reverse engineering or password guessing. Once a key is compromised, the attacker can decrypt the sensitive data it protects, which could lead to severe data breaches and compromise user privacy.

Affected Version(s)

Apache StreamPark 2.0.0 < 2.1.7

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

omkar parkhe