PT-2025-50939 · Unknown · Apache Streampark

Omkarparth@Gmail.Com · Published 2025-12-12 · Updated 2025-12-12 · CVE-2025-54947

CVSS v3.1: 9.8 Critical (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Name of the Vulnerable Software and Affected Versions: Apache StreamPark versions 2.0.0 through 2.1.7

Description: A security issue exists due to the use of a hard-coded encryption key. The system employs a fixed, unchanging key for encryption, rather than dynamically generating or securely configuring it. An attacker could potentially obtain this key through reverse engineering or code analysis, which could lead to decryption of sensitive data or forging of encrypted information, resulting in information disclosure or unauthorized system access.

Recommendations: Upgrade to version 2.1.7 to resolve the issue.

Fix

Weakness Enumeration

Using Hardcoded Credentials

Related Identifiers

CVE-2025-54947
GHSA-PRV5-C2PX-J9Q3

Affected Products

Apache Streampark