Kafka Security Vulnerabilities and Issues — Kafka CVE List

Lucene search

ApacheKafka

3 matches found

CVE•added 2025/06/10 8:15 a.m.•165 views

CVE-2025-27817

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url". Ap...

7.5CVSS6.9AI score0.00041EPSS

CVE•added 2025/06/10 8:15 a.m.•125 views

CVE-2025-27818

A possible security vulnerability has been identified in Apache Kafka.This requires access to a alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS configand a SASL-based security protocol, which ha...

8.8CVSS7.2AI score0.00264EPSS

CVE•added 2025/06/10 8:15 a.m.•76 views

CVE-2025-27819

In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs to...

7.5CVSS6.8AI score0.94188EPSS