Pipe Dreams: Stealing Admin Privileges in Apache StreamPipes (CVE-2025-47411)

Alon Barad

Software Engineer

Jan 2, 2026·6 min read·0 visits

PoC Available

Executive Summary (TL;DR)

Apache StreamPipes versions prior to 0.98.0 contain a critical flaw where a standard user can 'swap' their username with an administrator's. Due to improper validation during profile updates, the system accepts the change. Upon the next token issuance, the identity provider mints a JWT with full administrative privileges based on the hijacked username. This allows complete takeover of the IIoT platform.

A critical privilege escalation vulnerability in Apache StreamPipes allowing authenticated non-admin users to seize administrative control by exploiting a logic flaw in user identity management.

Attack Flow Diagram

Official Patches

ApacheOfficial Release Notes for 0.98.0 containing the fix.

Apache Mailing ListOfficial Disclosure Thread

Technical Appendix

CVSS Score

8.8/ 10

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS Probability

0.02%

Top 100% most exploited

Affected Systems

Apache StreamPipes 0.69.0Apache StreamPipes 0.70.0Apache StreamPipes 0.90.0Apache StreamPipes 0.93.0Apache StreamPipes 0.95.0Apache StreamPipes 0.97.0

Affected Versions Detail

Product	Affected Versions	Fixed Version
Apache StreamPipes Apache Software Foundation	< 0.98.0	0.98.0

Attribute	Detail
CVE ID	CVE-2025-47411
CVSS v4.0	8.8 (Critical)
CWE	CWE-269 (Improper Privilege Management)
Attack Vector	Network (Authenticated)
Affected Versions	< 0.98.0
EPSS Score	0.00020