oss-sec mailing list archives

CVE-2025-30001: Apache StreamPark: Authenticated users can trigger remote command execution


From: Huajie Wang <benjobs () apache org>
Date: Thu, 04 Sep 2025 15:53:34 +0000

Severity: low 

Affected versions:

- Apache StreamPark 2.1.4 before 2.1.6

Description:

Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark.

This issue affects Apache StreamPark: from 2.1.4 before 2.1.6.

Users are recommended to upgrade to version 2.1.6, which fixes the issue.

Credit:

Liufeng Yi (ylf () yiliufeng net) (reporter)

References:

https://streampark.apache.org
https://www.cve.org/CVERecord?id=CVE-2025-30001

