- Description
- A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url". Apache Kafka allows clients to read an arbitrary file and return the content in the error log, or sending requests to an unintended location. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use the "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url" configuratin to read arbitrary contents of the disk and environment variables or make requests to an unintended location. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment/URL access, which may be undesirable in certain environments, including SaaS products. Since Apache Kafka 3.9.1/4.0.0, we have added a system property ("-Dorg.apache.kafka.sasl.oauthbearer.allowed.urls") to set the allowed urls in SASL JAAS configuration. In 3.9.1, it accepts all urls by default for backward compatibility. However in 4.0.0 and newer, the default value is empty list and users have to set the allowed urls explicitly.
- Source
- security@apache.org
- NVD status
- Analyzed
- Products
- kafka
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-918
- Hype score
- Not currently trending
🚨 CVE-2025-27817 - high 🚨 Apache Kafka Client - Arbitrary File Read > Apache Kafka Client contains arbitrary file read and server-side request forgery caus... 👾 https://t.co/D2GLwFy4yn @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
23 Jan 2026
142 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-27817 is a critical vulnerability in the Kafka client that allows arbitrary file reads, and it’s a perfect example of why we shouldn’t blindly trust version numbers or vulnerability scanners. Always dig into how a vulnerability is addressed...Or let Seal Security do
@SealSecurity_io
12 Jun 2025
35 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27817: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data . https://t.co/pXTlhRqrgV https://t.co/xV89KdboTk
@cyber_advising
12 Jun 2025
1433 Impressions
4 Retweets
19 Likes
12 Bookmarks
0 Replies
0 Quotes
"New Kafka Connect Vulnerability (CVE-2025-27817) Lets Attackers Read Any File" by Sharon #DEVCommunity #vulnerabilities #cybersecurity https://t.co/YdJ2LJUTAp
@Sharon18866
12 Jun 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27817 Arbitrary File Read and SSRF Vulnerability in Apache Kafka Client Configuration https://t.co/tb6s7Tg1SO
@VulmonFeeds
10 Jun 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨Apache Kafka multiple high-risk vulnerabilities CVE-2025-27817: Apache Kafka Client Arbitrary File Read Vulnerability CVE-2025-27818, CVE-2025-27819: Apache Kafka #RCE Vulnerability ZoomEye Dork👉app="Kafka" Reveals 10k+ vulnerable instances! ZoomEye Link: https://t.c
@zoomeye_team
10 Jun 2025
819 Impressions
5 Retweets
17 Likes
6 Bookmarks
0 Replies
0 Quotes
CVE-2025-27817 A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/… https://t.co/SvKGXECYvW
@CVEnew
10 Jun 2025
361 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:kafka:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D04AEB9-4727-4A0B-85B2-3DCA8BE63570",
"versionEndExcluding": "3.9.1",
"versionStartIncluding": "3.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]