CVE-2025-47411
Published: 01 January 2026
Summary
CVE-2025-47411 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Apache Streampipes. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 7.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and IA-4 (Identifier Management).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Ensures secure management of user identifiers to prevent swapping with administrative accounts during user ID creation.
Provides robust account management to mitigate flaws in user account creation that enable privilege escalation via username manipulation.
Mandates timely flaw remediation, such as patching to Apache StreamPipes 0.98.0, to eliminate the specific vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
JWT token manipulation by authenticated user directly enables privilege escalation to admin (T1068) via access token tampering (T1134).
NVD Description
A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. This vulnerability allows an…
more
attacker to gain administrative control over the application by manipulating JWT tokens, which can lead to data tampering, unauthorized access and other security issues. This issue affects Apache StreamPipes: through 0.97.0. Users are recommended to upgrade to version 0.98.0, which fixes the issue.
Deeper analysisAI
CVE-2025-47411 is a vulnerability in the user ID creation mechanism of Apache StreamPipes, affecting all versions through 0.97.0. It enables a user with a legitimate non-administrator account to swap the username of an existing user with that of an administrator by manipulating JWT tokens, thereby gaining administrative control over the application.
A legitimate non-administrator user can exploit this vulnerability remotely over the network with low attack complexity, requiring low privileges and no user interaction (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N, score 8.1). Successful exploitation grants administrative privileges, leading to data tampering, unauthorized access, and other security issues. The issue is classified under CWE-269 (Improper Privilege Management).
Apache recommends upgrading to version 0.98.0, which addresses the vulnerability. Details are provided in the official Apache advisory at https://lists.apache.org/thread/lngko4ht2ok3o0rk9h0clgm4kb0lmt36 and the OSS-Security announcement at http://www.openwall.com/lists/oss-security/2025/12/29/14.
Details
- CWE(s)