Apache Kafka Deserialization of Untrusted Data vulnerability

🗓️ 10 Jun 2025 09:30:31Reported by GitHub Advisory DatabaseType

Apache Kafka has a vulnerability allowing remote code execution via misconfigured login modules.

Reporter	Title	Published	Views	Family All 99
0day.today	Apache Druid JNDI Injection Remote Code Execution Exploit	27 Jun 202300:00	–	zdt
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities	7 Mar 202303:26	–	ibm
IBM Security Bulletins	Security Bulletin: There is a vulnerability in kafka-clients-2.8.2.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-25194)	1 Feb 202413:37	–	ibm
IBM Security Bulletins	Security Bulletin: z/Transaction Processing Facility is affected by vulnerabilities in the Apache Kafka (kafka-clients) and cryptography packages	9 Mar 202314:08	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities	6 Jul 202318:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM InfoSphere Information Server is affected but not classified as vulnerable to a code execution vulnerability in Apache Kafka (CVE-2023-25194)	17 May 202321:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to kafka-clients	17 Feb 202604:39	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for March 2023	1 Apr 202314:09	–	ibm
IBM Security Bulletins	Security Bulletin: Due to use of Apache Kafka, IBM Operations Analytics - Log Analysis is affected by remote code execution and denial of service.	6 Jan 202615:44	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Operator for Apache Flink	30 Dec 202513:32	–	ibm

Vulners

Node

org.apache.kafka kafka_2.9.2Range<3.4.0maven

org.apache.kafka kafka_2.9.1Range<3.4.0maven

org.apache.kafka kafka_2.8.2Range<3.4.0maven

org.apache.kafka kafka_2.8.0Range<3.4.0maven

org.apache.kafka kafka_2.13Range<3.4.0maven

org.apache.kafka kafka_2.12Range<3.4.0maven

org.apache.kafka kafka_2.11Range<3.4.0maven

org.apache.kafka kafka_2.10Range<3.4.0maven

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-27819
kafka	www.kafka.apache.org/cve-list
github	www.github.com/advisories/GHSA-26f8-x7cc-wqpc
github	www.github.com/advisories/GHSA-mcwh-c9pg-xw43

11 Dec 2025 20:20Current

7.7High risk

Vulners AI Score7.7

CVSS 3.18.8

EPSS0.94055

SSVC

CWE-502