Apache · Apache Streampipes · CVE-2025-47411
**Name of the Vulnerable Software and Affected Versions**
Apache StreamPipes versions 0.69.0 through 0.97.0
**Description**
A flaw exists in Apache StreamPipes that allows a user with a non-administrator account to manipulate the user ID creation mechanism. This manipulation enables the swapping of a user's username with that of an existing administrator. Successful exploitation of this issue allows an attacker to gain administrative control over the application by manipulating JWT (JSON Web Token) tokens. This can lead to data tampering, unauthorized access, and other security issues. The issue impacts Apache StreamPipes deployments globally. The vulnerability involves the manipulation of JWT identity, specifically the ability to swap usernames with existing administrators.
**Recommendations**
Upgrade to version 0.98.0 to resolve the issue.