PT-2025-49179 · Unknown · Apache StreamPark

Published: 2025-12-04 · Updated: 2025-12-17 · CVE-2025-53960

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Apache StreamPark versions 2.0.0 through 2.1.6

Description: The system utilizes weak encryption keys, either fixed or derived directly from user passwords, when encrypting sensitive data. Attackers may obtain these keys through reverse engineering, code leaks, or password guessing, allowing decryption of stored or transmitted encrypted data and leading to sensitive information disclosure.

Recommendations: Upgrade to version 2.1.7, which resolves the issue.

Fix

Weakness Enumeration

Related Identifiers

CVE-2025-53960
GHSA-3HG2-RH4R-8QF6

Affected Products

Apache StreamPark