CVE-2025-47411
published 2026-01-01
Priority P2 64 high 8.1 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 14.79% (96.3th percentile)
A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator.
This vulnerability allows an attacker to gain administrative control over the application by manipulating JWT tokens, which can lead to data tampering, unauthorized access and other security issues.
This issue affects Apache StreamPipes: through 0.97.0.
Users are recommended to upgrade to version 0.98.0, which fixes the issue.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | streampipes | >= 0.69.0 < 0.98.0 | 0.98.0 |
| apache_software_foundation | apache_streampipes | 0.69.0 – 0.97.0 | — |
Detection & IOCs
- Look for JWT token manipulation attempts where a non-admin user's token contains or references an administrator's username/user ID, indicating exploitation of the user ID creation mechanism in Apache StreamPipes.
- Monitor Apache StreamPipes instances running version 0.97.0 or earlier for privilege escalation activity, specifically non-admin accounts performing admin-level actions.
- Alert on user ID creation or registration requests in Apache StreamPipes where the submitted username matches an existing administrator account, as this is the core mechanism of the swap attack.
- The vulnerability exists in the Maven package org.apache.streampipes:streampipes-parent. Only versions through 0.97.0 are affected; version 0.98.0 contains the fix.
- No public exploit code is currently available for this CVE, limiting immediate weaponization risk, but the attack vector requires only a legitimate non-administrator account.
OSV
osv·2026-01-01
CVE-2025-47411 [MEDIUM] Apache StreamPipes has Improper Privilege Management issue
GHSA
ghsa·2026-01-01
CVE-2025-47411 [MEDIUM] CWE-269 Apache StreamPipes has Improper Privilege Management issue
No detection rules found.
No public exploits indexed.
Checkpoint
blogs_checkpoint·2026-01-05
CVE-2025-14346 5th January – Threat Intelligence Report
## 5th January – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 5th January, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Two US banks, Artisans’ Bank and VeraBank, disclosed that customer data was exposed in an August ransomware attack on their vendor, Marquis Software. The vendor was breached via a SonicWall vulnerability, and while the banks’ own systems were not compromised, researchers estimate the incident may have affected in total up to
Wiz
blogs_wiz·CVSS 8.1
CVE-2025-47411 [HIGH] CVE-2025-47411 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-47411: Java vulnerability analysis and mitigation
Source: NVD
## Score: 8.1
Published: January 1, 2026
Severity: HIGH
CNA Score: 8.1
Affected Technologies: Java
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Rele
2026-01-01
Published