Plataforma
java
Componente
org.apache.streampipes:streampipes-parent
Corrigido em
0.97.1
0.98.0
CVE-2025-47411 is a security vulnerability affecting Apache StreamPipes versions up to 0.97.0. This flaw allows a legitimate, non-administrator user to manipulate the user ID creation mechanism, effectively swapping their username with that of an administrator. Successful exploitation can lead to administrative control, enabling data tampering and unauthorized access, and highlighting the need for immediate action.
The core impact of CVE-2025-47411 lies in the potential for unauthorized privilege escalation. An attacker, posing as a regular user, can exploit this vulnerability to assume the identity and permissions of an administrator within the Apache StreamPipes system. This grants them the ability to modify configurations, access sensitive data, and potentially compromise the entire platform. The manipulation of JWT tokens is a key component of this attack, enabling the attacker to impersonate an administrator without proper authentication. The blast radius extends to any data processed or managed by StreamPipes, as an administrator can access and alter it.
CVE-2025-47411 was published on 2026-01-01. Public proof-of-concept (POC) code is currently unavailable, but the vulnerability's nature suggests a relatively low barrier to exploitation once a suitable exploit is developed. The vulnerability is not currently listed on CISA KEV, and there are no confirmed reports of active exploitation at this time. The potential for JWT token manipulation shares similarities with other authentication bypass vulnerabilities, highlighting the importance of robust token security practices.
Organizations utilizing Apache StreamPipes for data processing and analytics are at risk, particularly those relying on the platform for critical business operations. Environments with weak user access controls or inadequate JWT token security practices are especially vulnerable. Shared hosting environments where multiple users share the same StreamPipes instance should be prioritized for patching.
• java / server:
find /opt/streampipes -type f -name '*.jar' -print0 | xargs -0 grep -i 'user id creation mechanism'• java / supply-chain: Review dependencies for known vulnerabilities using tools like OWASP Dependency-Check. • generic web: Monitor Apache StreamPipes access logs for unusual user login patterns or attempts to modify user profiles. • database (mysql, postgresql): Inspect StreamPipes database for suspicious user entries or altered permissions.
disclosure
Status do Exploit
EPSS
0.02% (percentil 6%)
The primary mitigation for CVE-2025-47411 is to upgrade Apache StreamPipes to version 0.98.0, which includes the necessary fix. If an immediate upgrade is not feasible, consider implementing temporary workarounds. Review user account permissions and restrict access to sensitive functionalities. Implement stricter JWT token validation and rotation policies to minimize the impact of token manipulation. Monitor user activity logs for suspicious behavior, particularly any attempts to modify user profiles or access administrative functions. After upgrading to 0.98.0, confirm the fix by attempting a username swap with a non-administrator account; the operation should fail.
Actualice Apache StreamPipes a la versión 0.98.0 o superior. Esta versión corrige la vulnerabilidad de escalada de privilegios. La actualización evitará que usuarios no autorizados obtengan control administrativo sobre la aplicación.
Análise de vulnerabilidades e alertas críticos diretamente no seu e-mail.
CVE-2025-47411 is a vulnerability in Apache StreamPipes versions up to 0.97.0 that allows a non-administrator user to swap usernames with an administrator, potentially gaining administrative control.
If you are running Apache StreamPipes version 0.97.0 or earlier, you are potentially affected by this vulnerability. Upgrade to 0.98.0 to mitigate the risk.
The recommended fix is to upgrade Apache StreamPipes to version 0.98.0. If immediate upgrade is not possible, implement temporary workarounds like stricter JWT token validation.
There are currently no confirmed reports of active exploitation of CVE-2025-47411, but the vulnerability's nature suggests a potential for exploitation.
Refer to the official Apache StreamPipes security advisories on their website for the latest information and updates regarding CVE-2025-47411.
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.
Envie seu arquivo pom.xml e descubra na hora se você está afetado.