CVE-2025-49127
Kafbat UI 1.0.0 - Unauthenticated Remote Code Execution via Unsafe Deserialization
Severity: HIGH
Title source: llmDescription
Kafbat UI is a web user interface for managing Apache Kafka clusters. An unsafe deserialization vulnerability in version 1.0.0 allows any unauthenticated user to execute arbitrary code on the server. Version 1.1.0 fixes the issue.
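The record above classifies the flaw as CWE-502 (deserialization of untrusted data) but does not say which input Kafbat UI deserialized or how the fix in 1.1.0 works, so the following is a generic illustration of the weakness class in Java (the language Kafbat UI is written in), not Kafbat UI's own code or its patch. The class names, the allow-list pattern and the sample payloads are assumptions constructed for this example. It shows the unsafe pattern (calling `readObject()` on caller-controlled bytes, where any gadget chain on the classpath executes before the cast is ever checked) next to a hardened reader that installs a JEP 290 `ObjectInputFilter` allow-list so that unexpected classes are rejected before they are resolved or instantiated.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

// Generic CWE-502 illustration (assumption: not Kafbat UI code, not its fix).
public class Cwe502Demo {

    // Hypothetical message type that the service legitimately expects.
    public static final class ClusterRequest implements Serializable {
        private static final long serialVersionUID = 1L;
        public final String clusterName;
        public ClusterRequest(String clusterName) { this.clusterName = clusterName; }
    }

    // VULNERABLE: deserialises whatever object graph the caller sent.
    // The JVM resolves and constructs every class in the stream before the
    // caller can inspect the result, so a gadget chain runs regardless of the cast.
    static Object unsafeRead(byte[] untrusted) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            return in.readObject();
        }
    }

    // HARDENED: an allow-list filter (JEP 290, JDK 9+) is consulted for every class
    // in the stream before it is resolved. Only the expected type and String pass;
    // "!*" rejects everything else, and the limits bound graph depth and size.
    static ClusterRequest safeRead(byte[] untrusted) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                "maxdepth=3;maxrefs=16;java.lang.String;" + ClusterRequest.class.getName() + ";!*");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            in.setObjectInputFilter(filter);
            return (ClusterRequest) in.readObject();
        }
    }

    // Helper used only to build the constructed sample payloads below.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: the legitimate message and a stand-in for an attacker
        // payload. A real payload would be a gadget chain; a HashMap is enough to
        // show that the filter rejects any class outside the allow-list.
        byte[] expected = serialize(new ClusterRequest("prod"));
        byte[] unexpected = serialize(new java.util.HashMap<String, String>());

        System.out.println("unsafe accepts expected:   " + (unsafeRead(expected) instanceof ClusterRequest));
        System.out.println("unsafe accepts unexpected: " + unsafeRead(unexpected).getClass().getName());

        System.out.println("safe accepts expected:     " + safeRead(expected).clusterName);
        try {
            safeRead(unexpected);
            System.out.println("safe accepted unexpected (filter not applied?)");
        } catch (java.io.InvalidClassException e) {
            System.out.println("safe rejects unexpected:   " + e.getMessage());
        }
    }
}
```

The per-stream filter is the narrowest fix; the same pattern can be applied process-wide with the JDK system property `-Djdk.serialFilter=...`, which is the usual mitigation when the deserialization happens inside a library or framework rather than in code you control. Either way, the check a practitioner wants for this CVE is simple: any Kafbat UI deployment reporting version 1.0.0 is affected and should be upgraded to 1.1.0 or later, independent of whether the UI is exposed with or without authentication, since the advisory states the issue is reachable unauthenticated.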
References (2)
Vendor Advisory: https://github.com/kafbat/kafka-ui/security/advisories/GHSA-g3mf-c374-fgh2
Release Notes: https://github.com/kafbat/kafka-ui/releases/tag/v1.1.0
Scores
CVSS v4: 8.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.0047 (37.0th percentile)
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: total
Details
CWE: CWE-502 (Deserialization of Untrusted Data)
Status: published
Products (1)
kafbat/kafka-ui = 1.0.0 (affected; fixed in 1.1.0)
Published: Jun 06, 2025
Tracked since: Feb 18, 2026