CVE-2025-54981
BaseFortify
Publication date: 2025-12-12
Last updated on: 2025-12-15
Assigner: Apache Software Foundation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | streampark | From 2.0.0 (inc) to 2.1.7 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-327 | The product uses a broken or risky cryptographic algorithm or protocol. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the use of a weak encryption method in Apache StreamPark. Specifically, it uses the AES cipher in ECB mode along with a weak random number generator to encrypt sensitive data, including JWT tokens. This weak encryption approach may expose sensitive authentication data to attackers.
How can this vulnerability impact me? :
The vulnerability can lead to exposure of sensitive authentication data, such as JWT tokens, which could allow attackers to compromise user accounts or gain unauthorized access to systems protected by Apache StreamPark versions before 2.1.7.
What immediate steps should I take to mitigate this vulnerability?
Users are recommended to upgrade Apache StreamPark to version 2.1.7, which fixes the issue related to weak encryption and weak random number generation.