
Description

Weak Encryption Algorithm in StreamPark. The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data. This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are recommended to upgrade to version 2.1.7, which fixes the issue.

PUBLISHED Reserved 2025-08-04 | Published 2025-12-12 | Updated 2025-12-12 | Assigner apache

Problem types

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

Product status

Default status: unaffected

2.0.0 (semver) before 2.1.7: affected

Credits

omkar parkhe <omkarparth@gmail.com> finder

References

www.openwall.com/lists/oss-security/2025/12/12/4

lists.apache.org/thread/9rbvdvwg5fdhzjdgyrholgso53r26998 vendor-advisory

cve.org (CVE-2025-54981)

nvd.nist.gov (CVE-2025-54981)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.