CVE-2025-30001 — Apache StreamPark contains an Incorrect Execution-Assigned Permissions vulnerabi

Description

Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue. Version 2.1.6 has yet to be published in the Maven registry.

How to fix CVE-2025-30001

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

—no fix listed

Is CVE-2025-30001 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, <= 2.1.5

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2025-30001
PATCHgithub.com/apache/streampark
WEBlists.apache.org/thread/xfmsvhkcnr1831n0w5ovy3p44lsmfb7m
WEBwww.openwall.com/lists/oss-security/2025/09/04/1