A serious security vulnerability in Apache StreamPipes allows regular users to become administrators by manipulating JWT tokens. The flaw (CVE-2025-47411) affects versions 0.69.0 through 0.97.0 and stems from a broken user ID creation system.
Attackers can simply swap their username for an existing admin account to gain full control. Once inside, they can access sensitive data, modify system settings, and potentially compromise entire data streaming infrastructures.
The attack requires no special skills or tools, making it especially dangerous for companies handling sensitive business data. Apache released version 0.98.0 to fix the issue and urges immediate upgrades.
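The article does not describe the StreamPipes code itself, so the following is an added, hypothetical illustration of the general bug class it names (authorization derived from a token claim such as a username rather than from a verified, immutable user ID). It is not StreamPipes code and assumes nothing about how that project actually builds tokens. The user store, secret and token values are constructed for the demo; it uses only the Python standard library and shows a weak check that trusts an attacker-editable `username` claim next to a hardened check that verifies the HS256 signature and resolves the role server-side from the signed `sub` ID.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo secret; in a real deployment this comes from secure config.
SECRET = b"constructed-demo-secret"

# Constructed server-side user store keyed by an immutable user ID.
# The role is an attribute of the record, never something read from a token.
USERS = {
    "u-1001": {"username": "alice", "role": "USER"},
    "u-0001": {"username": "admin", "role": "ADMIN"},
}


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str, secret: bytes = SECRET) -> str:
    """Mint an HS256 JWT whose subject is the immutable user ID."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user_id, "username": USERS[user_id]["username"]}
    signing_input = (
        f"{_b64url_encode(json.dumps(header).encode())}."
        f"{_b64url_encode(json.dumps(payload).encode())}"
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def vulnerable_authorize(token: str):
    """Anti-pattern: decode claims without checking the signature and look the
    user up by the attacker-controlled username claim. A rewritten username
    is enough to be treated as that account."""
    parts = token.split(".")
    payload = json.loads(_b64url_decode(parts[1]))
    for user in USERS.values():
        if user["username"] == payload.get("username"):
            return user["role"]
    return None


def verify_token(token: str, secret: bytes = SECRET):
    """Return the payload only if the token is well-formed, uses HS256 and
    carries a valid HMAC over header.payload; otherwise return None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header = json.loads(_b64url_decode(parts[0]))
    if header.get("alg") != "HS256":  # rejects alg=none and algorithm swaps
        return None
    expected = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        return None
    return json.loads(_b64url_decode(parts[1]))


def authorize(token: str, secret: bytes = SECRET):
    """Hardened check: role comes from the server-side record for the signed
    immutable `sub` ID; the username claim is never used for authorization."""
    payload = verify_token(token, secret)
    if payload is None:
        return None
    user = USERS.get(payload.get("sub"))
    return user["role"] if user else None


def make_tampered_token(token: str, new_username: str) -> str:
    """Constructed test vector: rewrite the username claim while keeping the
    original header and signature, i.e. the manipulation the article
    describes. Used here only to show the two checks disagree on it."""
    hdr, body, sig = token.split(".")
    payload = json.loads(_b64url_decode(body))
    payload["username"] = new_username
    return f"{hdr}.{_b64url_encode(json.dumps(payload).encode())}.{sig}"


if __name__ == "__main__":
    good = issue_token("u-1001")
    bad = make_tampered_token(good, "admin")
    print("hardened, genuine token :", authorize(good))        # USER
    print("vulnerable, tampered    :", vulnerable_authorize(bad))  # ADMIN
    print("hardened, tampered      :", authorize(bad))         # None
```

The fix has two independent parts: verify the signature before reading any claim, and key the authorization decision on a server-controlled immutable identifier rather than on a display name that another account might also claim. Either one alone still leaves a gap (a verified token can still carry a misleading username claim if the server trusts it).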
Source: CyberSecurity News