
CVE-2025-49127 is a recently disclosed high-severity vulnerability affecting Kafbat UI, a web interface for managing Apache Kafka clusters. The flaw allows unauthenticated attackers to execute arbitrary code on the server via unsafe deserialization in version 1.0.0. This vulnerability has been addressed in version 1.1.0.
Vulnerability Details
- CVE ID: CVE-2025-49127
- Affected Software: Kafbat UI
- Affected Version: 1.0.0
- CWE Identifier: CWE-502 – Deserialization of Untrusted Data
- CVSS v4.0 Score: 8.9 (High)
- Attack Vector: Network
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Exploitation Path
The vulnerability arises from unsafe deserialization in Kafbat UI version 1.0.0. An unauthenticated attacker can exploit this flaw by sending specially crafted data to the application, leading to arbitrary code execution on the server. This could compromise the confidentiality, integrity, and availability of the system.
Mitigation Steps
If you are using Kafbat UI:
- Check Your Version: Ensure you are not running version 1.0.0.
- Update the Application: Upgrade to version 1.1.0, where this vulnerability has been addressed.
- Restrict Access: Implement network-level restrictions to limit access to the Kafbat UI interface.
- Monitor Systems: Regularly monitor your systems for any unusual activity or unauthorized access attempts.
References & Attribution
1. Kafbat UI security advisory GHSA-g3mf-c374-fgh2 – https://github.com/kafbat/kafka-ui/security/advisories/GHSA-g3mf-c374-fgh2
2. Kafbat UI release v1.1.0 (the version containing the fix) – https://github.com/kafbat/kafka-ui/releases/tag/v1.1.0
3. NVD entry for CVE-2025-49127 – National Vulnerability Database summary – https://nvd.nist.gov/vuln/detail/CVE-2025-49127
4. MITRE CVE Program – source of CVE metadata and classification. © 1999–2025 The MITRE Corporation. Licensed under the MITRE CVE Terms of Use – https://www.cve.org/Legal/TermsOfUse