Headline

GHSA-prv5-c2px-j9q3: Apache StreamPark has a hard-coded encryption key

In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain this key through reverse engineering or code analysis, potentially decrypting sensitive data or forging encrypted information, leading to information disclosure or unauthorized system access.

This issue affects Apache StreamPark: from 2.0.0 before 2.1.7.

Users are recommended to upgrade to version 2.1.7, which fixes the issue.

3 months ago

ghsa

Open in Source

#vulnerability #apache #git #java #auth #maven

GitHub Advisory Database
GitHub Reviewed
CVE-2025-54947

Apache StreamPark has a hard-coded encryption key

High severity GitHub Reviewed Published Dec 12, 2025 to the GitHub Advisory Database • Updated Dec 12, 2025

Package

maven org.apache.streampark:streampark (Maven)

Affected versions

>= 2.0.0, < 2.1.7

This issue affects Apache StreamPark: from 2.0.0 before 2.1.7.

Users are recommended to upgrade to version 2.1.7, which fixes the issue.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-54947
https://lists.apache.org/thread/kdntmzyzrco75x9q6mc6s8lty1fxmog1
apache/streampark@39034db

Published to the GitHub Advisory Database

Dec 12, 2025

Last updated

Dec 12, 2025

Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They’re going after the everyday tools we trust most — firewalls, browser add-ons, and even smart TVs — turning small cracks into serious breaches. The real danger now isn’t just one major attack, but hundreds of quiet ones using the software and devices already inside our networks. Each trusted system can