CNNVD-202510-2209 Information

CNNVD ID

CNNVD-202510-2209

CVE-2025-55039

  • CNNVD Published: 2025-10-15

Description (Chinese)

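Apache Spark is a large-scale data processing engine from the Apache Foundation (USA) that supports acyclic data flows and in-memory computing. Apache Spark versions before 3.4.4, before 3.5.2, and before 4.0.0 contain a security vulnerability that stems from the use of an insecure default network encryption cipher for inter-node RPC communication, which may allow a man-in-the-middle attack to modify encrypted RPC traffic.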

Description (English)

Apache Spark is a large-scale data processing engine from the Apache Foundation in the United States that supports acyclic data flows and in-memory computing. Apache Spark versions before 3.4.4, 3.5.2, and 4.0.0 contain a security vulnerability. It stems from the use of an insecure default network encryption cipher for inter-node RPC communication, which may allow a man-in-the-middle attack to modify encrypted RPC traffic.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Apache

Published

2025-10-15

Last Modified

2026-02-24

References

  • https://lists.apache.org/thread/zrgyy9l85nm2c7vk36vr7bkyorg3w4qq
  • https://access.redhat.com/security/cve/cve-2025-55039
  • https://www.oracle.com/security-alerts/cpujan2026.html

Patch

https://spark.apache.org/
