Vulnerability Description
In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain this key through reverse engineering or code analysis, potentially decrypting sensitive data or forging encrypted information, leading to information disclosure or unauthorized system access. This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are recommended to upgrade to version 2.1.7, which fixes the issue.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Streampark | >= 2.0.0, < 2.1.7 |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread/kdntmzyzrco75x9q6mc6s8lty1fxmog1Mailing List
- http://www.openwall.com/lists/oss-security/2025/12/12/3Mailing List
FAQ
What is CVE-2025-54947?
CVE-2025-54947 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for e...
How severe is CVE-2025-54947?
CVE-2025-54947 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-54947?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Streampark.