CVE-2025-47411

CWE-269 — Improper Privilege Management5 documents5 sources

Severity

8.1HIGH

EPSS

0.0%

top 94.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Streampipes Apache Software Foundation Apache Streampipes

Timeline

PublishedJan 1

Description

A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. This vulnerability allows an attacker to gain administrative control over the application by manipulating JWT tokens, which can lead to data tampering, unauthorized access and other security issues. This issue affects Apache StreamPipes: through 0.97.0. Users are recommen…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages3 packages

▶NVDapache/streampipes0.69.0 — 0.98.0

▶Mavenorg.apache.streampipes:streampipes-parent0.69.0 — 0.98.0

▶CVEListV5apache_software_foundation/apache_streampipes0.69.0 — 0.97.0

🔴Vulnerability Details

OSV

Apache StreamPipes has Improper Privilege Management issue↗2026-01-01

▶

CVEList

Apache StreamPipes: Leverage of User ID for Privilege Escalation↗2026-01-01

▶

GHSA

Apache StreamPipes has Improper Privilege Management issue↗2026-01-01

▶

🕵️Threat Intelligence

Wiz

CVE-2025-47411 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶