1. Home
  2. CVE Database
  3. CVE-2025-47411
HIGH · 8.1

CVE-2025-47411

A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with th...

Vulnerability Description

A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator.  This vulnerability allows an attacker to gain administrative control over the application by manipulating JWT tokens, which can lead to data tampering, unauthorized access and other security issues. This issue affects Apache StreamPipes: through 0.97.0. Users are recommended to upgrade to version 0.98.0, which fixes the issue.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
ApacheStreampipes>= 0.69.0, < 0.98.0

Related Weaknesses (CWE)

CWE-269

References

FAQ

What is CVE-2025-47411?

CVE-2025-47411 is a vulnerability with a CVSS score of 8.1 (HIGH). A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with th...

How severe is CVE-2025-47411?

CVE-2025-47411 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-47411?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Streampipes.