oss-sec mailing list archives

CVE-2025-54981: Apache StreamPark: Weak Encryption Algorithm in StreamPark


From: Huajie Wang <benjobs () apache org>
Date: Fri, 12 Dec 2025 15:01:04 +0000

Severity: important 

Affected versions:

- Apache StreamPark 2.0.0 before 2.1.7

Description:

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for 
encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data

This issue affects Apache StreamPark: from 2.0.0 before 2.1.7.

Users are recommended to upgrade to version 2.1.7, which fixes the issue.

Credit:

omkar parkhe <omkarparth () gmail com> (finder)

References:

https://streampark.apache.org
https://www.cve.org/CVERecord?id=CVE-2025-54981


Current thread: