CVE-2025-30001
CVE-2025-30001 is a high-severity vulnerability in Apache Streampark with a CVSS 3.x base score of 7.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-279.
Key facts
- Severity: High (CVSS 3.x base score 7.3)
- EPSS exploit prediction: 1% (40th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-33706
- Weakness: CWE-279
- Affected product: Apache Streampark
- Published:
- Last modified:
Description
Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue.
Frequently asked questions
- What is CVE-2025-30001?
- Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue.
- How severe is CVE-2025-30001?
- CVE-2025-30001 has a CVSS 3.x base score of 7.3, rated high severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is low, integrity low, and availability low.
- Is CVE-2025-30001 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (40th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2025-30001?
- CVE-2025-30001 affects Apache Streampark. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2025-30001?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- Does CVE-2025-30001 have an EU (EUVD) identifier?
- Yes. CVE-2025-30001 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-33706.
- When was CVE-2025-30001 published?
- CVE-2025-30001 was published on 2025-10-10 and last updated on 2026-06-17.
References
- https://lists.apache.org/thread/xfmsvhkcnr1831n0w5ovy3p44lsmfb7m
- http://www.openwall.com/lists/oss-security/2025/09/04/1
Affected products (1)
- cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*
More vulnerabilities in Apache Streampark
- CVE-2025-54947 — Critical (CVSS 9.8): In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key…
- CVE-2022-45802 — Critical (CVSS 9.8): Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file…
- CVE-2024-29070 — Critical (CVSS 9.1): On versions before 2.1.4, session is not invalidated after logout. When the user logged in successfully, the Backend…
- CVE-2022-46365 — Critical (CVSS 9.1): Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be…
- CVE-2024-29178 — High (CVSS 8.8): On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code…
- CVE-2023-52290 — High (CVSS 8.1): In streampark-console the list pages(e.g: application pages), users can sort page by field. This sort field is sent…
All CVEs affecting Apache Streampark →
Other CWE-279 vulnerabilities
- CVE-2024-37734 — Critical (CVSS 9.8): An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges viaa crafted POST request using the noteid…
- CVE-2025-14025 — High (CVSS 8.5): A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the…
- CVE-2025-22843 — High (CVSS 7.8): Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may…
- CVE-2025-23263 — High (CVSS 7.6): NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ feature, where an attacker on a VM might cause…
- CVE-2024-25621 — High (CVSS 7.3): containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0…
- CVE-2026-20062 — High (CVSS 7.2): A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in multiple context mode…