diff --git a/security.md b/security.md
index 38ee3a6179..3e55d9c8ba 100644
--- a/security.md
+++ b/security.md
@@ -59,6 +59,31 @@ before loading or deploying a model.
Known security issues
+CVE-2025-55039: Apache Spark: RPC encryption defaults to unauthenticated AES-CTR mode, enabling man-in-the-middle ciphertext modification attacks
+
+Severity: Moderate
+
+Vendor: The Apache Software Foundation
+
+Versions Affected:
+
+- Versions prior to 3.4.4, 3.5.2 and 4.0.0
+
+Description:
+
+Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes.
+When spark.network.crypto.enabled is set to true (it is set to false by default), but spark.network.crypto.cipher is not explicitly configured, Spark defaults to AES in CTR mode (AES/CTR/NoPadding), which provides encryption without authentication.
+This vulnerability allows a man-in-the-middle attacker to modify encrypted RPC traffic undetected by flipping bits in ciphertext, potentially compromising heartbeat messages or application data and affecting the integrity of Spark workflows.
+
+Mitigation:
+
+- Either configure `spark.network.crypto.cipher` to "AES/GCM/NoPadding" to enable authenticated encryption or enable SSL encryption by setting both `spark.ssl.enabled` and `spark.ssl.rpc.enabled` to "true", which provides stronger transport security.
+
+Credit:
+
+- Holden Karau
+
+
CVE-2023-32007: Apache Spark shell command injection vulnerability via Spark UI
This CVE is only an update to [CVE-2022-33891](#CVE-2022-33891) to clarify that version 3.1.3 is also
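Review bot: The "Mitigation:" list in this entry gives only the configuration workarounds (set `spark.network.crypto.cipher` to AES/GCM/NoPadding, or enable `spark.ssl.enabled` and `spark.ssl.rpc.enabled`) and never tells the reader to upgrade, even though the "Versions Affected" bullet implies that 3.4.4, 3.5.2 and 4.0.0 carry the fix; add a first bullet such as "Upgrade to 3.4.4, 3.5.2 or 4.0.0 or later" so the fixed versions are stated explicitly rather than inferred. Two smaller points in the same hunk: the description mentions `spark.network.crypto.enabled` and `spark.network.crypto.cipher` without backticks while the mitigation bullet uses them, and the two blank lines before the following "CVE-2023-32007" heading should be collapsed to one so the entry spacing matches its neighbours.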
diff --git a/site/security.html b/site/security.html
index 1166f04a63..043bdbfc22 100644
--- a/site/security.html
+++ b/site/security.html
@@ -205,6 +205,36 @@ Is loading a machine learning model secure? Who is responsible for model sec
Known security issues
+CVE-2025-55039: Apache Spark: RPC encryption defaults to unauthenticated AES-CTR mode, enabling man-in-the-middle ciphertext modification attacks
+
+
Severity: Moderate
+
+Vendor: The Apache Software Foundation
+
+Versions Affected:
+
+
+ - Versions prior to 3.4.4, 3.5.2 and 4.0.0
+
+
+Description:
+
+Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes.
+When spark.network.crypto.enabled is set to true (it is set to false by default), but spark.network.crypto.cipher is not explicitly configured, Spark defaults to AES in CTR mode (AES/CTR/NoPadding), which provides encryption without authentication.
+This vulnerability allows a man-in-the-middle attacker to modify encrypted RPC traffic undetected by flipping bits in ciphertext, potentially compromising heartbeat messages or application data and affecting the integrity of Spark workflows.
+
+Mitigation:
+
+
+ - Either configure
spark.network.crypto.cipher to “AES/GCM/NoPadding” to enable authenticated encryption or enable SSL encryption by setting both spark.ssl.enabled and spark.ssl.rpc.enabled to “true”, which provides stronger transport security.
+
+
+Credit:
+
+
+
CVE-2023-32007: Apache Spark shell command injection vulnerability via Spark UI
This CVE is only an update to CVE-2022-33891 to clarify that version 3.1.3 is also
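Review bot: The generated "Credit:" section in site/security.html is an empty list, whereas the security.md source in this same change credits Holden Karau; the HTML appears to have been generated from an earlier draft of the markdown (the mitigation bullet is also split across lines and the quotes around "AES/GCM/NoPadding" have been converted to typographic quotes), so regenerate site/security.html from the final security.md before merging so the rendered page and the source stay in sync.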
diff --git a/site/sitemap.xml b/site/sitemap.xml
index f70239e5c9..cdb7dc3ec5 100644
--- a/site/sitemap.xml
+++ b/site/sitemap.xml
@@ -1201,7 +1201,7 @@
weekly
- https://spark.apache.org/graphx/
+ https://spark.apache.org/sql/
weekly
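Review bot: The swap of https://spark.apache.org/graphx/ and https://spark.apache.org/sql/ in site/sitemap.xml is unrelated to the CVE-2025-55039 advisory and looks like ordering noise from regenerating the site; together with the next hunk it is a net no-op for the sitemap's content, so drop these sitemap changes from this commit (or mention in the commit message that they are regeneration churn) to keep the security change reviewable on its own.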
@@ -1209,7 +1209,7 @@
weekly
- https://spark.apache.org/sql/
+ https://spark.apache.org/graphx/
weekly
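Review bot: This is the other half of the graphx/sql entry swap from the previous hunk, so the two hunks cancel each other out; if the sitemap reordering cannot be avoided by the site generator, keep it out of the advisory commit so that the diff for CVE-2025-55039 touches only security.md and site/security.html.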