CVE-2025-30001

HIGH7.3EPSS 0.27%

Apache StreamPark contains an Incorrect Execution-Assigned Permissions vulnerability

Published: 10/10/2025Modified: 11/5/2025

Description

Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue. Version 2.1.6 has yet to be published in the Maven registry.

Affected packages (1)

Maven/org.apache.streampark:streamparkfrom 0, <= 2.1.5

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-30001
PATCHhttps://github.com/apache/streampark
WEBhttps://lists.apache.org/thread/xfmsvhkcnr1831n0w5ovy3p44lsmfb7m
WEBhttp://www.openwall.com/lists/oss-security/2025/09/04/1