CVE-2025-47411

A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. <br /> <br /> This vulnerability allows an attacker to gain administrative control over the application by manipulating JWT tokens, which can lead to data tampering, unauthorized access and other security issues.<br /> <br /> <br /> <br /> <br /> <br /> <br /> This issue affects Apache StreamPipes: through 0.97.0.<br /> <br /> Users are recommended to upgrade to version 0.98.0, which fixes the issue.