All 9 CVE vulnerabilities found in Apache StreamPark, with AI-generated Chinese analysis, references, and POCs.
Vendor: Apache Software Foundation

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-53960 | Apache StreamPark: Uses the user’s password as the secret key | CWE-1240 | 7.5 (AI) | High (AI) | 2025-12-12 |
| CVE-2025-54947 | Apache StreamPark: Use hard-coded key vulnerability | CWE-321 | 9.8 (AI) | Critical (AI) | 2025-12-12 |
| CVE-2025-54981 | Apache StreamPark: Weak Encryption Algorithm in StreamPark | CWE-327 | 7.5 (AI) | High (AI) | 2025-12-12 |
| CVE-2025-30001 | Apache StreamPark: Authenticated users can trigger remote command execution | CWE-279 | 8.1 (AI) | High (AI) | 2025-10-10 |
| CVE-2024-48988 | Apache StreamPark: SQL injection vulnerability | CWE-564 | 9.8 | - | 2025-08-22 |
| CVE-2024-29070 | Apache StreamPark: session not invalidated after logout | CWE-613 | 6.5 (AI) | Medium (AI) | 2024-07-23 |
| CVE-2024-34457 | Apache StreamPark IDOR Vulnerability | CWE-639 | 6.5 (AI) | Medium (AI) | 2024-07-22 |
| CVE-2024-29178 | Apache StreamPark: FreeMarker SSTI RCE Vulnerability | CWE-94 | 8.8 (AI) | High (AI) | 2024-07-18 |
| CVE-2024-29120 | Apache StreamPark: Information leakage vulnerability | CWE-212 | 8.8 (AI) | High (AI) | 2024-07-17 |