CVE-2025-49127

Kafbat UI is a web user interface for managing Apache Kafka clusters. An unsafe deserialization vulnerability in version 1.0.0 allows any unauthenticated user to execute arbitrary code on the server. Version 1.1.0 fixes the issue.

CVSS

No CVSS.

References

Link	Resource
https://github.com/kafbat/kafka-ui/releases/tag/v1.1.0
https://github.com/kafbat/kafka-ui/security/advisories/GHSA-g3mf-c374-fgh2
https://github.com/kafbat/kafka-ui/security/advisories/GHSA-g3mf-c374-fgh2

Configurations

No configuration.

History

09 Jun 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-06 21:15

Updated : 2025-06-09 16:15

NVD link : CVE-2025-49127

Mitre link : CVE-2025-49127

CVE.ORG link : CVE-2025-49127

JSON object : View

Products Affected

No product.

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2025-49127", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-06T21:15:23.137", "references": [{"url": "https://github.com/kafbat/kafka-ui/releases/tag/v1.1.0", "source": "security-advisories@github.com"}, {"url": "https://github.com/kafbat/kafka-ui/security/advisories/GHSA-g3mf-c374-fgh2", "source": "security-advisories@github.com"}, {"url": "https://github.com/kafbat/kafka-ui/security/advisories/GHSA-g3mf-c374-fgh2", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "Kafbat UI is a web user interface for managing Apache Kafka clusters. An unsafe deserialization vulnerability in version 1.0.0 allows any unauthenticated user to execute arbitrary code on the server. Version 1.1.0 fixes the issue."}, {"lang": "es", "value": "Kafbat UI es una interfaz de usuario web para administrar cl\u00fasteres de Apache Kafka. Una vulnerabilidad de deserializaci\u00f3n insegura en la versi\u00f3n 1.0.0 permite que cualquier usuario no autenticado ejecute c\u00f3digo arbitrario en el servidor. La versi\u00f3n 1.1.0 corrige el problema."}], "lastModified": "2025-06-09T16:15:44.833", "sourceIdentifier": "security-advisories@github.com"}

CVE-2025-49127

JSON object

Attach tags to CVE-2025-49127

Attach tags to `CVE-2025-49127`