Description

Kafbat UI is a web user interface for managing Apache Kafka clusters. An unsafe deserialization vulnerability in version 1.0.0 allows any unauthenticated user to execute arbitrary code on the server. Version 1.1.0 fixes the issue.

PUBLISHED Reserved 2025-06-02 | Published 2025-06-06 | Updated 2025-06-09 | Assigner GitHub_M




HIGH: 8.9 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Problem types

CWE-502: Deserialization of Untrusted Data

Product status

= 1.0.0: affected

References

github.com/...fka-ui/security/advisories/GHSA-g3mf-c374-fgh2 exploit

github.com/...fka-ui/security/advisories/GHSA-g3mf-c374-fgh2

github.com/kafbat/kafka-ui/releases/tag/v1.1.0

cve.org (CVE-2025-49127)

nvd.nist.gov (CVE-2025-49127)
