CVE-2025-30001

CVE-2025-30001: Apache StreamPark: Authenticated users can trigger remote command execution

Vendor Apache Software Foundation

Product Apache StreamPark

Weakness CWE-279

Published October 10, 2025

Last update November 4, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue.

Key dates

Disclosure timeline

October 10, 2025 CVE published

November 4, 2025 Record updated