CVE-2025-27819

{"id": "CVE-2025-27819", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-06-10T08:15:22.687", "references": [{"url": "https://kafka.apache.org/cve-list", "tags": ["Vendor Advisory"], "source": "security@apache.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs to be able to connect to the Kafka cluster and have the AlterConfigs permission on the cluster resource.\n\n\nSince Apache Kafka 3.4.0, we have added a system property (\"-Dorg.apache.kafka.disallowed.login.modules\") to disable the problematic login modules usage in SASL JAAS configuration. Also by default \"com.sun.security.auth.module.JndiLoginModule\" is disabled in Apache Kafka 3.4.0, and \"com.sun.security.auth.module.JndiLoginModule,com.sun.security.auth.module.LdapLoginModule\" is disabled by default in in Apache Kafka 3.9.1/4.0.0"}, {"lang": "es", "value": "En CVE-2023-25194, anunciamos un ataque de RCE/denegaci\u00f3n de servicio mediante la configuraci\u00f3n JndiLoginModule de SASL JAAS en la API de Kafka Connect. Sin embargo, no solo la API de Kafka Connect es vulnerable a este ataque, sino que los brokers de Apache Kafka tambi\u00e9n presentan esta vulnerabilidad. Para explotar esta vulnerabilidad, el atacante debe poder conectarse al cl\u00faster de Kafka y tener el permiso AlterConfigs en el recurso del cl\u00faster. A partir de Apache Kafka 3.4.0, hemos a\u00f1adido una propiedad del sistema (\"-Dorg.apache.kafka.disallowed.login.modules\") para deshabilitar el uso problem\u00e1tico de los m\u00f3dulos de inicio de sesi\u00f3n en la configuraci\u00f3n de SASL JAAS. Tambi\u00e9n, de forma predeterminada, \"com.sun.security.auth.module.JndiLoginModule\" est\u00e1 deshabilitado en Apache Kafka 3.4.0, y \"com.sun.security.auth.module.JndiLoginModule,com.sun.security.auth.module.LdapLoginModule\" est\u00e1 deshabilitado de forma predeterminada en Apache Kafka 3.9.1/4.0.0"}], "lastModified": "2025-07-11T16:52:33.237", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:kafka:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBFF1223-11B1-4E7A-9538-A6F6FD024ECB", "versionEndIncluding": "3.3.2", "versionStartIncluding": "2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}