CVE-2025-54981 — Use of a Broken or Risky Cryptographic Algorithm in Software Foundation Apache Streampark

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.0%

top 92.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Streampark Apache Streampark

Timeline

PublishedDec 12

Description

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are recommended to upgrade to version 2.1.7, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDapache/streampark2.0.0 — 2.1.7

▶CVEListV5apache_software_foundation/apache_streampark2.0.0 — 2.1.7

🔴Vulnerability Details

CVEList

Apache StreamPark: Weak Encryption Algorithm in StreamPark↗2025-12-12

▶

OSV

Apache StreamPark uses a Weak Encryption Algorithm↗2025-12-12

▶

GHSA

Apache StreamPark uses a Weak Encryption Algorithm↗2025-12-12

▶

🕵️Threat Intelligence

Wiz

CVE-2025-54981 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶