Arbitrary File Read and SSRF Vulnerability in Apache Kafka Client by Apache
CVE-2025-27817

7.5 HIGH

Key Information:

Vendor: Apache

CVE Published: 10 June 2025

What is CVE-2025-27817?

CVE-2025-27817 is a vulnerability identified in the Apache Kafka Client, the client library of Apache Kafka, a widely used open-source platform for building real-time data pipelines and streaming applications. The vulnerability allows arbitrary file reading and server-side request forgery (SSRF) through misconfigured SASL/OAUTHBEARER connection settings, specifically the token and JWKS endpoint URLs. When these settings can be specified by untrusted parties, attackers may use them to read sensitive file contents or to redirect requests to unintended locations, compromising the system's integrity. The risk of unauthorized access to file systems or environment variables, particularly in multi-tenant environments such as software-as-a-service (SaaS) providers, makes this flaw especially serious. Apache Kafka versions 3.9.1 and 4.0.0 introduced mitigations; the defaults in earlier versions remain at significant risk until corrective action is taken.

Potential impact of CVE-2025-27817

  1. Unauthorized Data Access: Attackers may leverage this vulnerability to gain access to sensitive data stored on the server, which can include configuration files or sensitive token information. This unapproved reading of arbitrary files poses a severe threat to data confidentiality.

  2. Escalated Attack Surface: The design flaw allows for the potential escalation of exploitation, particularly in systems using Apache Kafka Connect. Attackers can exploit this vulnerability to transition from accessing the REST API to compromising the underlying filesystem or external resources, increasing the severity and reach of an attack.

  3. Service Disruption and Compliance Risks: The exploitation of this vulnerability can lead to unauthorized requests being sent to unintended locations, potentially causing service disruptions and compliance violations, especially in industries that mandate strict data handling and security measures.
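As an added example (not part of this advisory or the Kafka project), the following script audits connector configurations, as returned by a Kafka Connect REST API, for SASL/OAUTHBEARER token and JWKS endpoint URLs that point at local files, internal addresses, or hosts outside an identity-provider allowlist. It assumes the standard Kafka client key names for those URLs and the Connect `producer.override.`/`consumer.override.`/`admin.override.` prefixes; the allowlist host and sample connector configs are constructed.

```python
from urllib.parse import urlparse
import ipaddress

# Kafka client keys that carry the token / JWKS endpoint URLs, plus the
# Kafka Connect per-connector override prefixes that can set them.
URL_KEYS = ("sasl.oauthbearer.token.endpoint.url", "sasl.oauthbearer.jwks.endpoint.url")
PREFIXES = ("", "producer.override.", "consumer.override.", "admin.override.")


def url_findings(url, allowed_hosts):
    """Reasons a URL is unsafe as an OAUTHBEARER endpoint; empty list means OK."""
    parsed = urlparse(url.strip())
    reasons = []
    if parsed.scheme != "https":
        reasons.append(f"scheme '{parsed.scheme or '(none)'}' is not https")
    host = parsed.hostname
    if not host:
        return reasons + ["no host in URL"]
    try:  # literal IPs: flag anything pointing into internal ranges (SSRF)
        addr = ipaddress.ip_address(host)
        if addr.is_private or addr.is_loopback or addr.is_link_local:
            reasons.append(f"internal address {host}")
    except ValueError:
        pass  # a hostname, not an IP literal
    if host not in allowed_hosts:
        reasons.append(f"host '{host}' not in identity-provider allowlist")
    return reasons


def audit_connectors(connectors, allowed_hosts):
    """connectors: {name: config}. Returns [(name, key, url, reasons)] for unsafe URLs."""
    findings = []
    for name, config in connectors.items():
        for key in (p + k for p in PREFIXES for k in URL_KEYS):
            if key in config:
                reasons = url_findings(config[key], allowed_hosts)
                if reasons:
                    findings.append((name, key, config[key], reasons))
    return findings


# Constructed sample input, shaped like GET /connectors/<name>/config responses.
SAMPLE_CONNECTORS = {
    "orders-sink": {
        "producer.override.sasl.oauthbearer.token.endpoint.url": "https://idp.example.com/oauth2/token",
    },
    "suspect-source": {
        "consumer.override.sasl.oauthbearer.token.endpoint.url": "file:///path/to/some-file",
        "consumer.override.sasl.oauthbearer.jwks.endpoint.url": "http://10.0.0.5:8080/jwks",
    },
}
ALLOWED_IDP_HOSTS = {"idp.example.com"}  # assumed trusted identity-provider host
```

Run `audit_connectors(SAMPLE_CONNECTORS, ALLOWED_IDP_HOSTS)` against configs pulled from a live Connect cluster to list every connector whose endpoint URLs need review.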

Affected Version(s)

Apache Kafka Client 3.1.0 through 3.9.0 (inclusive)

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved

Credit

罗鑫 <[email protected]>
1ue (https://github.com/luelueking)
4ra1n (https://github.com/4ra1n)
VulTeam of ThreatBook