CVE-2025-30001

CWE-2794 documents4 sources
Severity
7.3HIGH
EPSS
0.2%
top 57.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache StreamparkApache Streampark
Timeline
PublishedOct 10

Description

Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages3 packages

NVDapache/streampark2.1.42.1.6

🔴Vulnerability Details

3
CVEList
Apache StreamPark: Authenticated users can trigger remote command execution2025-10-10
GHSA
Apache StreamPark contains an Incorrect Execution-Assigned Permissions vulnerability2025-10-10
OSV
Apache StreamPark contains an Incorrect Execution-Assigned Permissions vulnerability2025-10-10
CVE-2025-30001 (HIGH CVSS 7.3) | Incorrect Execution-Assigned Permis | cvebase.io