EUVD-2025-17363

CVE-2025-49127 | Severity: HIGH | Published: 2025-06-06 | Reporter: [email protected] | CVSS 4.0 base score: 8.9

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None

Lifecycle Timeline

- Mar 14, 2026 18:10 (vuln.today): Analysis generated
- Mar 14, 2026 18:10 (euvd): EUVD ID assigned, EUVD-2025-17363
- Jun 06, 2025 21:15 (nvd): CVE published, severity HIGH 8.9

Description

Kafbat UI is a web user interface for managing Apache Kafka clusters. An unsafe deserialization vulnerability in version 1.0.0 allows any unauthenticated user to execute arbitrary code on the server. Version 1.1.0 fixes the issue.

Analysis

Kafbat UI version 1.0.0 contains an unsafe deserialization vulnerability (CWE-502) that allows unauthenticated remote attackers to execute arbitrary code on affected servers, with no user interaction required. This is a critical pre-authentication RCE affecting Kafka cluster management infrastructure. The vulnerability has a CVSS score of 8.9 with high impact across confidentiality, integrity, and availability; a patch is available in version 1.1.0.

Technical Context

The vulnerability stems from unsafe Java deserialization practices in Kafbat UI's network communication layer. CWE-502 (Deserialization of Untrusted Data) occurs when an application deserializes serialized objects from untrusted sources without proper validation, enabling attackers to instantiate arbitrary classes and trigger code execution through gadget chains. Kafbat UI is a web-based management interface built on top of the Apache Kafka client libraries; the unsafe deserialization likely occurs in REST API endpoints or message-handling routines that accept serialized Java objects. The Network attack vector (AV:N) indicates the flaw is exploitable over the network without physical access, and Privileges Required: None (PR:N) confirms that unauthenticated access is sufficient. CPE for the affected product: cpe:2.3:a:kafbat:kafbat-ui:1.0.0:*:*:*:*:*:*:*

Affected Products

- Product: Kafbat UI; version: 1.0.0; vulnerable: yes; CPE: cpe:2.3:a:kafbat:kafbat-ui:1.0.0:*:*:*:*:*:*:*
- Product: Kafbat UI; version: 1.1.0; notes: patched version; CPE: cpe:2.3:a:kafbat:kafbat-ui:1.1.0:*:*:*:*:*:*:*

Remediation

- Upgrade: Upgrade immediately to Kafbat UI version 1.1.0 or later. Priority: CRITICAL. Timeline: within 24 hours for internet-facing deployments.
- Workaround, network segmentation: Restrict network access to Kafbat UI to trusted networks only; implement firewall rules limiting access to the UI port (typically 8080 or 8443) to known administration networks. Priority: HIGH. Effectiveness: reduces the attack surface but does not fix the underlying vulnerability.
- Workaround, WAF/IDS rules: Deploy Web Application Firewall rules to detect and block serialized Java object payloads in HTTP requests (look for the Java serialization magic bytes aced0005, raw or base64-encoded). Priority: HIGH. Effectiveness: may block some exploit attempts but can be bypassed with encoding/obfuscation.
- Monitoring: Enable request logging and monitor for POST/PUT requests containing binary payloads or base64 strings to API endpoints; alert on error logs mentioning deserialization exceptions. Priority: MEDIUM.
- Vendor advisory: Check the Kafbat project GitHub releases page (https://github.com/kafbat/ui/releases) for version 1.1.0 release notes and patched binaries. Priority: CRITICAL.
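The WAF and monitoring items above both hinge on recognising the Java serialization stream header in request bodies. The following Python script is an added example (not vuln.today's analysis output and not the Kafbat project's code) that checks bodies for the magic bytes AC ED 00 05 in three forms: raw, as hex text (aced0005), and inside base64 runs. The base64 case is handled by decoding candidate runs rather than matching the aligned prefix rO0AB, so a stream embedded after other bytes is still caught. The request records and endpoint paths are constructed samples, and the function names (find_java_serialization, scan_requests) are this example's own.

```python
"""Flag HTTP request bodies that carry a Java serialization stream header.

Added example for the WAF/monitoring workarounds; not Kafbat UI code.
Detects the ObjectOutputStream magic AC ED 00 05 as raw bytes, as hex
text, and inside base64 runs (decoded, so unaligned embeddings count).
"""
import base64
import binascii
import re

# STREAM_MAGIC (0xACED) followed by STREAM_VERSION (5), from java.io.ObjectStreamConstants.
JAVA_SERIAL_MAGIC = b"\xac\xed\x00\x05"
HEX_MAGIC = JAVA_SERIAL_MAGIC.hex()          # "aced0005"
# Runs of the standard base64 alphabet long enough to hold the header plus a class name.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{12,}={0,2}")


def _decodes_to_magic(token: str) -> bool:
    """Decode a base64 run (trimmed to a multiple of 4 chars) and look for the magic."""
    core = token.rstrip("=")
    core = core[: len(core) // 4 * 4]
    if not core:
        return False
    try:
        return JAVA_SERIAL_MAGIC in base64.b64decode(core)
    except binascii.Error:
        return False


def find_java_serialization(body: bytes) -> list[str]:
    """Return the encodings ("raw", "hex", "base64") in which the header was found."""
    findings = []
    if JAVA_SERIAL_MAGIC in body:
        findings.append("raw")
    text = body.decode("latin-1")  # byte-preserving decode; never raises
    if HEX_MAGIC in text.lower():
        findings.append("hex")
    if any(_decodes_to_magic(m.group(0)) for m in B64_TOKEN.finditer(text)):
        findings.append("base64")
    return findings


def scan_requests(requests: list[dict]) -> list[dict]:
    """Evaluate {method, path, body} records and return one alert per hit."""
    alerts = []
    for req in requests:
        if req["method"] not in ("POST", "PUT", "PATCH"):
            continue  # the advisory's monitoring advice targets body-carrying methods
        encodings = find_java_serialization(req["body"])
        if encodings:
            alerts.append({"path": req["path"], "encodings": encodings})
    return alerts


# Constructed sample traffic (hypothetical paths; not captured from a real deployment).
# Only the stream header and a class descriptor are used; this is not a gadget chain.
_SERIALIZED = JAVA_SERIAL_MAGIC + b"sr\x00\x11java.util.HashMap"
SAMPLE_REQUESTS = [
    {"method": "GET", "path": "/api/clusters", "body": b""},
    {"method": "POST", "path": "/api/clusters/local/topics",
     "body": b'{"name":"orders","partitions":3}'},
    {"method": "POST", "path": "/api/clusters/local/consumer-groups",
     "body": _SERIALIZED},
    {"method": "PUT", "path": "/api/clusters/local/config",
     "body": b'{"blob":"' + base64.b64encode(b"xy" + _SERIALIZED) + b'"}'},
    {"method": "POST", "path": "/api/clusters/local/messages",
     "body": b"payload=" + _SERIALIZED.hex().encode()},
]

if __name__ == "__main__":
    for alert in scan_requests(SAMPLE_REQUESTS):
        print(f"ALERT {alert['path']}: Java serialization header via {alert['encodings']}")
```

Run it directly to print the alerts for the embedded sample traffic, or feed scan_requests records decoded from your own access logs. Treat it as a triage aid in the spirit of the Monitoring item, not as an enforcement control: compressed bodies, URL-safe base64 (the -_ alphabet) and payloads split across several fields are not covered, which is the bypass risk the WAF item notes.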

Priority Score: 45

- KEV: 0
- EPSS: +1.0
- CVSS: +44
- POC: 0


EUVD-2025-17363 vulnerability details – vuln.today
