Encryption Vulnerability in Apache StreamPark Software by Apache
CVE-2025-54947

5.3 MEDIUM

Key Information:

Vendor: Apache

CVE Published: 12 December 2025

What is CVE-2025-54947?

Apache StreamPark versions from 2.0.0 up to, but not including, 2.1.7 use a hard-coded encryption key: the key is a fixed value rather than one that is dynamically generated or properly configured. An attacker could recover this key through reverse engineering or code analysis and then use it to decrypt confidential data or to create forged encrypted data. This could lead to unauthorized access to sensitive system components or to data leaks, posing a serious risk to the integrity and confidentiality of user information. Users are strongly advised to upgrade to version 2.1.7 to mitigate this vulnerability.

Affected Version(s)

Apache StreamPark: from 2.0.0, before 2.1.7

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
