CVE-2025-27817

🗓️ 10 Jun 2025 07:55:14Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 300 Views🌐 WEB

Arbitrary file read and SSRF vulnerability in Apache Kafka Client affects configuration data handling.

Reporter	Title	Published	Views	Family All 81
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in Apache kafka-client may affect IBM Business Automation Workflow - CVE-2025-27817, CVE-2025-27818	6 Nov 202510:40	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Kafka affects IBM watsonx Orchestrate with watsonx Assistant Cartridge	25 Aug 202515:57	–	ibm
IBM Security Bulletins	Security Bulletin: There are multiple vulnerabilities that can affect IBM Fusion	11 Sep 202518:18	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Kafka Client affects IBM watsonx Orchestrate with watsonx Assistant Cartridge	12 Dec 202520:24	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities	13 Oct 202520:59	–	ibm
IBM Security Bulletins	Security Bulletin: Arbitrary File Read and SSRF via Unrestricted URL Configuration in Apache Kafka Client SASL/OAUTHBEARER Settings, affects watsonx.data	11 Sep 202508:52	–	ibm
IBM Security Bulletins	Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for December 2025.	23 Dec 202508:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Operational Decision Manager for Sept 2025 - Multiple CVEs addressed	28 Oct 202506:30	–	ibm
IBM Security Bulletins	Security Bulletin: There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-27817)	4 Aug 202506:37	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to Apache Kafka ( CVE-2025-27817,CVE-2025-27818 & CVE-2025-27819 )	22 Aug 202512:52	–	ibm

NVD

Vulners

Node

apache kafkaRange3.1.0–3.9.1

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Kafka Client",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "3.9.0",
        "status": "affected",
        "version": "3.1.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
kafka	www.kafka.apache.org/cve-list
openwall	www.openwall.com/lists/oss-security/2025/06/09/1

Parameter	Position	Path	Description	CWE
oauth.token.endpoint.uri	nested	keycloak:8080/realms/kafka-realm/protocol/openid-connect/token	OAuth token endpoint used by Kafka client for token acquisition; can be abused if untrusted parties configure endpoints to read local files or contact unintended locations.	CWE-918
oauth.jwks.endpoint.uri	nested	keycloak:8080/realms/kafka-realm/protocol/openid-connect/certs	JWKS endpoint used by Kafka client to validate JWT signatures; may be abused to reach arbitrary resources if not restricted.	CWE-918
oauth.token.endpoint.uri	nested	localhost:8080/realms/kafka-realm/protocol/openid-connect/token	External token endpoint example from document; potential SSRF/arbitrary access if not restricted.	CWE-918
oauth.jwks.endpoint.uri	nested	localhost:8080/realms/kafka-realm/protocol/openid-connect/certs	External JWKS endpoint example from document; potential SSRF/arbitrary access if not restricted.	CWE-918

11 Jul 2025 16:58Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.17.5

EPSS0.21423

SSVC