CVSS: 8.1 | EPSS: 0% | CPEs: 1 | EXPL: 2

CVE-2025-27817 – Apache Kafka Client: Arbitrary file read and SSRF vulnerability
https://notcve.org/view.php?id=CVE-2025-27817
10 Jun 2025 — A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url". Apache Kafka allows clients to read an arbitrary file and return the content in the error log, or to send requests to an unintended location. In applications where Apache Kafka Clients configurations can be specifie... • https://github.com/kk12-30/CVE-2025-27817 • CWE-918: Server-Side Request Forgery (SSRF)