Cyber Resilience

CVE-2025-47411

High

Published: 01 January 2026

Published
01 January 2026
Modified
06 January 2026
KEV Added
Patch
CVSS Score v3.1 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.1479 96.2th percentile
Risk Priority 60 floored blend · peak EPSS

Summary

CVE-2025-47411 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Apache Streampipes. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 3.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and IA-4 (Identifier Management).

Deeper analysis

CVE-2025-47411 is a vulnerability in the user ID creation mechanism of Apache StreamPipes, affecting all versions through 0.97.0. It enables a user with a legitimate non-administrator account to swap the username of an existing user with that of an administrator by manipulating JWT tokens, thereby gaining administrative control over the application.

A legitimate non-administrator user can exploit this vulnerability remotely over the network with low attack complexity, requiring low privileges and no user interaction (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N, score 8.1). Successful exploitation grants administrative privileges, leading to data tampering, unauthorized access, and other security issues. The issue is classified under CWE-269 (Improper Privilege Management).

Apache recommends upgrading to version 0.98.0, which addresses the vulnerability. Details are provided in the official Apache advisory at https://lists.apache.org/thread/lngko4ht2ok3o0rk9h0clgm4kb0lmt36 and the OSS-Security announcement at http://www.openwall.com/lists/oss-security/2025/12/29/14.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. This vulnerability allows an…

more

attacker to gain administrative control over the application by manipulating JWT tokens, which can lead to data tampering, unauthorized access and other security issues. This issue affects Apache StreamPipes: through 0.97.0. Users are recommended to upgrade to version 0.98.0, which fixes the issue.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1134 Access Token Manipulation Stealth
Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls.
Why these techniques?

JWT token manipulation by authenticated user directly enables privilege escalation to admin (T1068) via access token tampering (T1134).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-24072Same vendor: Apache
CVE-2025-23015Same vendor: Apache
CVE-2026-40048Same vendor: Apache
CVE-2024-56373Same vendor: Apache
CVE-2026-49157Same vendor: Apache
CVE-2026-33858Same vendor: Apache
CVE-2026-39816Same vendor: Apache
CVE-2026-27314Same vendor: Apache
CVE-2026-41044Same vendor: Apache
CVE-2026-27172Same vendor: Apache

Affected Assets

apache
streampipes
0.69.0 — 0.98.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Ensures secure management of user identifiers to prevent swapping with administrative accounts during user ID creation.

prevent

Provides robust account management to mitigate flaws in user account creation that enable privilege escalation via username manipulation.

prevent

Mandates timely flaw remediation, such as patching to Apache StreamPipes 0.98.0, to eliminate the specific vulnerability.

References