TechRepublic reports that admin accounts could be covertly hijacked through the abuse of a new critical privilege escalation vulnerability in Apache StreamPipes, tracked as CVE-2025-47411.Threat actors could leverage the flaw in Apache StreamPipes versions 0.69.0 through 0.97.0, which originates from a faulty user identity creation mechanism, to obtain total admin control through JWT authentication token manipulation facilitated by the use of the administrator's account name, enabling the subsequent compromise of operational, proprietary, and customer information, according to Apache.Admin privileges permitted by the exploit could also be used by attackers to launch supply chain intrusions involving illicit code injections in processing workflows, data pipeline alteration, and backdoor delivery. Organizations have been urged to remediate the issue not only by upgrading to version 0.98.0 of the self-service industrial IoT toolbox but also by conducting user account audits and authentication log reviews.
Vulnerability Management, Patch/Configuration Management
Critical Apache StreamPipes flaw threatens admin account takeovers
(Adobe Stock)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds