CVE-2025-49127

Kafbat UI <1.0.0 - Code Injection

Title source: llm

Description

Kafbat UI is a web user interface for managing Apache Kafka clusters. An unsafe deserialization vulnerability in version 1.0.0 allows any unauthenticated user to execute arbitrary code on the server. Version 1.1.0 fixes the issue.

Scores

EPSS 0.0097
EPSS Percentile 76.5%

Classification

CWE CWE-502
Status draft

Timeline

Published Jun 06, 2025
Tracked Since Feb 18, 2026