CVE-2025-55039 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-55039 PUBLISHED CVSS 4.599999904632568 MEDIUM

Apache Spark has Inadequate Encryption Strength

EPSS 0.06% · 17.9th percentile

Risk Scores

CVSS v4.0

4.599999904632568

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

EPSS Score

0.06%

17.9th percentile

Affected Products

Vendor	Product	Versions
Apache Software Foundation	Apache Spark	3.5.0, 0
apache	spark	0, 3.5.0
Apache Software Foundation	Apache Spark	0, 3.5.0
Maven	org.apache.spark:spark-network-common_2.12	3.5.0, 0
Maven	org.apache.spark:spark-network-common_2.13	3.5.0, 0

Timeline

Oct 14, 2025 PoC Published
Oct 14, 2025 PoC Published
Oct 15, 2025 CVE Published
Oct 15, 2025 EPSS Score
Oct 21, 2025 EPSS Score
Oct 26, 2025 EPSS Score
Nov 1, 2025 EPSS Score
Nov 6, 2025 EPSS Score
Nov 12, 2025 EPSS Score
Nov 13, 2025 CVE Updated
Nov 17, 2025 EPSS Score
Nov 23, 2025 EPSS Score

References

https://lists.apache.org/thread/zrgyy9l85nm2c7vk36vr7bkyorg3w4qq vendor-advisory
http://www.openwall.com/lists/oss-security/2025/10/14/11 url
https://nvd.nist.gov/vuln/detail/CVE-2025-55039 advisory
https://github.com/apache/spark package

Open in Interactive Console →