一、漏洞简介¶

1.1 漏洞背景¶

Apache Kafka 支持多种认证机制，其中 SASL/PLAIN 和 SASL/SCRAM 是常用的用户名/密码认证方式。在这些认证机制中，客户端需要提供用户凭证来验证身份。

该漏洞存在于 Kafka 的 SASL 认证实现中，允许已认证的客户端通过精心构造的协议消息，冒充其他用户的身份。这类似于 Web 应用中的"权限提升"漏洞，攻击者可以利用低权限账户获取高权限用户的能力。

1.2 漏洞概述（包含 CVE 编号、危害等级、漏洞类型、披露时间等）¶

项目	内容
漏洞编号	CVE-2017-12610
危害等级	MEDIUM / 6.8
漏洞类型	用户身份冒充漏洞
披露时间	2018-07-26
影响组件	Apache Kafka 安全

• CVE 编号: CVE-2017-12610
• 危害等级: 中危
• CVSS 评分: 5.5 (Medium)
• CWE 分类: CWE-287 - Improper Authentication（认证不当）
• 影响组件: Apache Kafka Broker - SASL 认证模块
• 影响类型: 权限提升 / 身份冒充

补充核验信息：公开时间：2018-07-26；NVD 评分：6.8（MEDIUM）；CWE：CWE-287。

二、影响范围¶

2.1 受影响的版本¶

• Apache Kafka 0.10.0.0 - 0.10.2.1
• Apache Kafka 0.11.0.0 - 0.11.0.1

2.2 不受影响的版本¶

• Apache Kafka < 0.10.0.0
• Apache Kafka 0.10.2.2 或更高
• Apache Kafka 0.11.0.2 或更高
• Apache Kafka 1.0.0 或更高

2.3 触发条件（如特定模块、特定配置、特定运行环境等）¶

1. 使用内置 SASL 实现: 集群使用 Kafka 内置的 PLAIN 或 SCRAM 服务器实现
2. 已认证用户: 攻击者必须已经通过认证
3. 多用户环境: 存在多个不同权限级别的用户

三、漏洞详情与原理解析¶

3.1 漏洞触发机制¶

SASL/PLAIN 认证流程:

``` 1. 客户端连接到 Broker 2. 客户端发送 SASL Handshake 请求 3. Broker 返回支持的机制列表 4. �

3.2 源码层面的根因分析（结合源码与补丁对比）¶

NVD 已收录该漏洞，但公开资料未必包含完整补丁差异或源码级修复说明。若后续获得官方提交记录，应优先结合补丁前后逻辑继续补充本节。

四、漏洞复现（可选）¶

4.1 环境搭建¶

暂无公开可验证复现信息。

4.2 PoC 演示与测试过程¶

暂无公开可验证复现信息。

五、修复建议与缓解措施¶

5.1 官方版本升级建议¶

• 优先升级到 0.10.2.1 或同等后续安全版本。
• 优先升级到 0.11.0.1 或同等后续安全版本。
• 升级前请结合官方发布说明确认兼容性与回滚方案。

5.2 临时缓解方案（如修改配置文件、关闭相关模块、增加 WAF 规则等）¶

• 在完成版本升级前，建议将相关服务限制在可信网络边界内，并最小化暴露面。
• 对高风险接口、插件或调试功能实施临时下线、访问控制与日志监控。

六、参考信息 / 参考链接¶

6.1 官方安全通告¶

• 暂未找到可直接引用的官方安全通告，请优先关注项目安全公告、发布说明与修复分支。

6.2 其他技术参考资料¶

• NVD：https://nvd.nist.gov/vuln/detail/CVE-2017-12610
• CVE：https://www.cve.org/CVERecord?id=CVE-2017-12610
• http://www.securityfocus.com/bid/104899
• https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
• https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
• https://lists.apache.org/thread.html/b6157be1a09df332294213bd21e90dcf9fe4c1810193be54620e4210%40%3Cusers.kafka.apache.org%3E
• https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

<hr />

Apache Kafka ???????CVE-2018-1288?¶

??????¶

1.1 ????¶

Apache Kafka ???????????? CVE-2018-1288 ??????????????????????? MEDIUM?CVSS 5.4?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2018-1288
????	MEDIUM
CVSS ??	5.4
????	NVD-CWE-noinfo
????	2018-07-26
????	Apache Kafka

??????¶

2.1 ??????¶

• apache:kafka:*, > 0.9.0.0, <= 0.9.0.1
• apache:kafka:*, >= 0.10.0.0, <= 0.10.2.1
• apache:kafka:*, >= 0.11.0.0, <= 0.11.0.2
• apache:kafka:1.0.0
• redhat:jboss_middleware_text-only_advisories:1.0
• oracle:database:11.2.0.4
• oracle:database:12.1.0.2
• oracle:database:12.2.0.1

2.2 ???????¶

• NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

• ????????????????????????
• ?????????????????????????????????????

???????????¶

3.1 ??????¶

• NVD ?????In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.
• ??????????????????????????? PoC ???

3.2 ????????????????????¶

• ?????????????NVD-CWE-noinfo?
• NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

• ??????????????????????????????????????????

4.2 PoC ???????¶

• ? CISA KEV ????????????????? KEV ????? PoC?
• ??????????????????????????????????????????

???????????¶

5.1 ????????¶

• ???????????????????????????
• ??????????????????????????????????????

5.2 ????????????????????????????¶

• ??????????????????????
• ???????????????????????? WAF ???
• ????????????????????????????

?????? / ????¶

• https://nvd.nist.gov/vuln/detail/CVE-2018-1288
• https://www.cve.org/CVERecord?id=CVE-2018-1288
• http://www.securityfocus.com/bid/104900
• https://access.redhat.com/errata/RHSA-2018:3768
• https://lists.apache.org/thread.html/29f61337323f48c47d4b41d74b9e452bd60e65d0e5103af9a6bb2fef%40%3Cusers.kafka.apache.org%3E
• https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
• https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
• https://lists.apache.org/thread.html/d1581fb6464c9bec8a72575c01f5097d68e2fbb230aff24622622a58%40%3Ccommits.kafka.apache.org%3E

<hr />

Apache Kafka ???????CVE-2019-12399?¶

??????¶

1.1 ????¶

Apache Kafka ???????????? CVE-2019-12399 ??????????????????????? HIGH?CVSS 7.5?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2019-12399
????	HIGH
CVSS ??	7.5
????	CWE-319
????	2020-01-14
????	Apache Kafka

??????¶

2.1 ??????¶

• apache:kafka:2.0.0
• apache:kafka:2.0.1
• apache:kafka:2.1.0
• apache:kafka:2.1.1
• apache:kafka:2.2.0
• apache:kafka:2.2.1
• apache:kafka:2.3.0
• oracle:banking_corporate_lending_process_management:14.1.0

2.2 ???????¶

• NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

• ????????????????????????
• ?????????????????????????????????????

???????????¶

3.1 ??????¶

• NVD ?????When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can i...
• ??????????????????????????? PoC ???

3.2 ????????????????????¶

• ?????????????CWE-319?
• NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

• ??????????????????????????????????????????

4.2 PoC ???????¶

• ? CISA KEV ????????????????? KEV ????? PoC?
• ??????????????????????????????????????????

???????????¶

5.1 ????????¶

• ???????????????????????????
• ??????????????????????????????????????

5.2 ????????????????????????????¶

• ??????????????????????
• ???????????????????????? WAF ???
• ????????????????????????????

?????? / ????¶

• https://nvd.nist.gov/vuln/detail/CVE-2019-12399
• https://www.cve.org/CVERecord?id=CVE-2019-12399
• http://www.openwall.com/lists/oss-security/2020/01/14/1
• https://lists.apache.org/thread.html/r0e3a613705d70950aca2bfe9a6265c87503921852d9a3dbce512ca9f%40%3Ccommits.druid.apache.org%3E
• https://lists.apache.org/thread.html/r2d390dec5f360ec8aa294bef18e1a4385e2a3698d747209216f5a48b%40%3Ccommits.druid.apache.org%3E
• https://lists.apache.org/thread.html/r3154f5adbc905f1f9012a92240c8e00a96628470cc819453b9606d0e%40%3Ccommits.druid.apache.org%3E
• https://lists.apache.org/thread.html/r3203d7f25a6ca56ff3e48c43a6aa7cb60b8e5d57d0eed9f76dc2b7a8%40%3Ccommits.druid.apache.org%3E
• https://lists.apache.org/thread.html/r47c225db363d1ee2c18c4b3b2f51b63a9789f78c7fa602e5976ecd05%40%3Ccommits.druid.apache.org%3E

<hr />

Apache Kafka ???????CVE-2020-27218?¶

??????¶

1.1 ????¶

Apache Kafka ???????????? CVE-2020-27218 ??????????????????????? MEDIUM?CVSS 4.8?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2020-27218
????	MEDIUM
CVSS ??	4.8
????	CWE-226?NVD-CWE-noinfo
????	2020-11-28
????	Apache Kafka

??????¶

2.1 ??????¶

• eclipse:jetty:*, >= 9.4.0, < 9.4.35
• eclipse:jetty:10.0.0
• eclipse:jetty:11.0.0
• netapp:oncommand_system_manager:*, >= 3.0, <= 3.1.3
• netapp:snap_creator_framework:-
• oracle:blockchain_platform:*, < 21.1.2
• oracle:communications_converged_application_server_-_service_controller:6.2
• oracle:communications_offline_mediation_controller:12.0.0.3.0

2.2 ???????¶

• NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

• ????????????????????????
• ?????????????????????????????????????

???????????¶

3.1 ??????¶

• NVD ?????In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely...
• ??????????????????????????? PoC ???

3.2 ????????????????????¶

• ?????????????CWE-226?NVD-CWE-noinfo?
• NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

• ??????????????????????????????????????????

4.2 PoC ???????¶

• ? CISA KEV ????????????????? KEV ????? PoC?
• ??????????????????????????????????????????

???????????¶

5.1 ????????¶

• ???????????????????????????
• ??????????????????????????????????????

5.2 ????????????????????????????¶

• ??????????????????????
• ???????????????????????? WAF ???
• ????????????????????????????

?????? / ????¶

• https://nvd.nist.gov/vuln/detail/CVE-2020-27218
• https://www.cve.org/CVERecord?id=CVE-2020-27218
• https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892
• https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8
• https://lists.apache.org/thread.html/r00858fe27ee35ac8fa0e1549d67e0efb789d63b791b5300390bd8480%40%3Cjira.kafka.apache.org%3E
• https://lists.apache.org/thread.html/r01806ad8c9cb0590584baf5b1a60237ad92e4ad5bba082ca04d98179%40%3Creviews.spark.apache.org%3E
• https://lists.apache.org/thread.html/r05b7ffde2b8c180709e14bc9ca036407bea3ed9f09b32c4705d23a4a%40%3Cjira.kafka.apache.org%3E
• https://lists.apache.org/thread.html/r078c1203e48089b2c934b9f86b61bebe8c049e0ea6273b124f349988%40%3Cissues.hbase.apache.org%3E

<hr />

Apache Kafka ???????CVE-2021-38153?¶

??????¶

1.1 ????¶

Apache Kafka ???????????? CVE-2021-38153 ??????????????????????? MEDIUM?CVSS 5.9?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2021-38153
????	MEDIUM
CVSS ??	5.9
????	CWE-203
????	2021-09-22
????	Apache Kafka

??????¶

2.1 ??????¶

• apache:kafka:*, >= 2.0.0, < 2.6.3
• apache:kafka:*, >= 2.7.0, < 2.7.2
• apache:kafka:2.8.0
• quarkus:quarkus:*, < 2.2.4
• oracle:communications_brm_-_elastic_charging_engine:*, < 12.0.0.4.6
• oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0
• oracle:communications_cloud_native_core_policy:1.15.0
• oracle:financial_services_analytical_applications_infrastructure:*, >= 8.0.6.0, <= 8.0.9.0

2.2 ???????¶

• NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

• ????????????????????????
• ?????????????????????????????????????

???????????¶

3.1 ??????¶

• NVD ?????Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected v...
• ??????????????????????????? PoC ???

3.2 ????????????????????¶

• ?????????????CWE-203?
• NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

• ??????????????????????????????????????????

4.2 PoC ???????¶

• ? CISA KEV ????????????????? KEV ????? PoC?
• ??????????????????????????????????????????

???????????¶

5.1 ????????¶

• ???????????????????????????
• ??????????????????????????????????????

5.2 ????????????????????????????¶

• ??????????????????????
• ???????????????????????? WAF ???
• ????????????????????????????

?????? / ????¶

• https://nvd.nist.gov/vuln/detail/CVE-2021-38153
• https://www.cve.org/CVERecord?id=CVE-2021-38153
• https://kafka.apache.org/cve-list
• https://lists.apache.org/thread.html/r26390c8b09ecfa356582d665b0c01f4cdcf16ac047c85f9f9f06a88c%40%3Cdev.kafka.apache.org%3E
• https://lists.apache.org/thread.html/r26390c8b09ecfa356582d665b0c01f4cdcf16ac047c85f9f9f06a88c%40%3Cusers.kafka.apache.org%3E
• https://lists.apache.org/thread.html/r35322aec467ddae34002690edaa4d9f16e7df9b5bf7164869b75b62c%40%3Cdev.kafka.apache.org%3E
• https://lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be%40%3Cdev.kafka.apache.org%3E
• https://lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be%40%3Cusers.kafka.apache.org%3E

<hr />

Apache Kafka ???????CVE-2024-27309?¶

??????¶

1.1 ????¶

Apache Kafka ???????????? CVE-2024-27309 ??????????????????????? HIGH?CVSS 7.4?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2024-27309
????	HIGH
CVSS ??	7.4
????	CWE-863
????	2024-04-12
????	Apache Kafka

??????¶

2.1 ??????¶

• apache:kafka:*, >= 3.5.0, <= 3.6.1

2.2 ???????¶

• NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

• ????????????????????????
• ?????????????????????????????????????

???????????¶

3.1 ??????¶

• NVD ?????While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforced. Two preconditions are needed to trigger the bug: 1. The administrator decides to remove an ACL 2. The resource associated with the removed ACL continues to have two or more other ACLs...
• ??????????????????????????? PoC ???

3.2 ????????????????????¶

• ?????????????CWE-863?
• NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

• ??????????????????????????????????????????

4.2 PoC ???????¶

• ? CISA KEV ????????????????? KEV ????? PoC?
• ??????????????????????????????????????????

???????????¶

5.1 ????????¶

• ???????????????????????????
• ??????????????????????????????????????

5.2 ????????????????????????????¶

• ??????????????????????
• ???????????????????????? WAF ???
• ????????????????????????????

?????? / ????¶

• https://nvd.nist.gov/vuln/detail/CVE-2024-27309
• https://www.cve.org/CVERecord?id=CVE-2024-27309
• http://www.openwall.com/lists/oss-security/2024/04/12/3
• https://lists.apache.org/thread/6536rmzyg076lzzdw2xdktvnz163mjpy
• https://security.netapp.com/advisory/ntap-20240705-0002/

<hr />

Apache Kafka ???????CVE-2024-31141?¶

??????¶

1.1 ????¶

Apache Kafka ???????????? CVE-2024-31141 ??????????????????????? MEDIUM?CVSS 6.5?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2024-31141
????	MEDIUM
CVSS ??	6.5
????	CWE-269?CWE-552
????	2024-11-19
????	Apache Kafka

??????¶

2.1 ??????¶

• apache:kafka:*, >= 2.3.0, <= 3.5.2
• apache:kafka:*, >= 3.6.0, <= 3.6.2
• apache:kafka:3.7.0

2.2 ???????¶

• NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

• ????????????????????????
• ?????????????????????????????????????

???????????¶

3.1 ??????¶

• NVD ?????Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins in order to manipulate these configurations. Apache Kafka also provides FileConfigProv...
• ??????????????????????????? PoC ???

3.2 ????????????????????¶

• ?????????????CWE-269?CWE-552?
• NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

• ??????????????????????????????????????????

4.2 PoC ???????¶

• ? CISA KEV ????????????????? KEV ????? PoC?
• ??????????????????????????????????????????

???????????¶

5.1 ????????¶

• ???????????????????????????
• ??????????????????????????????????????

5.2 ????????????????????????????¶

• ??????????????????????
• ???????????????????????? WAF ???
• ????????????????????????????

?????? / ????¶

• https://nvd.nist.gov/vuln/detail/CVE-2024-31141
• https://www.cve.org/CVERecord?id=CVE-2024-31141
• https://lists.apache.org/thread/9whdzfr0zwdhr364604w5ssnzmg4v2lv
• http://www.openwall.com/lists/oss-security/2024/11/18/5
• https://security.netapp.com/advisory/ntap-20250131-0001/

<hr />

Apache Kafka ???????CVE-2024-56128?¶

??????¶

1.1 ????¶

Apache Kafka ???????????? CVE-2024-56128 ??????????????????????? MEDIUM?CVSS 5.3?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2024-56128
????	MEDIUM
CVSS ??	5.3
????	CWE-303?NVD-CWE-Other
????	2024-12-18
????	Apache Kafka

??????¶

2.1 ??????¶

• apache:kafka:*, >= 0.10.2.0, < 3.7.2
• apache:kafka:3.8.0

2.2 ???????¶

• NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

• ????????????????????????
• ?????????????????????????????????????

???????????¶

3.1 ??????¶

• NVD ?????Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM) did not fully adhere to the requirements of RFC 5802 [1]. Specifically, as per RFC 5802, the server must verify t...
• ??????????????????????????? PoC ???

3.2 ????????????????????¶

• ?????????????CWE-303?NVD-CWE-Other?
• NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

• ??????????????????????????????????????????

4.2 PoC ???????¶

• ? CISA KEV ????????????????? KEV ????? PoC?
• ??????????????????????????????????????????

???????????¶

5.1 ????????¶

• ???????????????????????????
• ??????????????????????????????????????

5.2 ????????????????????????????¶

• ??????????????????????
• ???????????????????????? WAF ???
• ????????????????????????????

?????? / ????¶

• https://nvd.nist.gov/vuln/detail/CVE-2024-56128
• https://www.cve.org/CVERecord?id=CVE-2024-56128
• https://datatracker.ietf.org/doc/html/rfc5802
• https://datatracker.ietf.org/doc/html/rfc5802#section-9
• https://kafka.apache.org/documentation/#security_sasl_scram_security
• https://lists.apache.org/thread/84dh4so32lwn7wr6c5s9mwh381vx9wkw
• http://www.openwall.com/lists/oss-security/2024/12/18/3

<hr />

Apache Kafka ???????CVE-2025-27817?¶

??????¶

1.1 ????¶

Apache Kafka ???????????? CVE-2025-27817 ??????????????????????? HIGH?CVSS 7.5?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2025-27817
????	HIGH
CVSS ??	7.5
????	CWE-918
????	2025-06-10
????	Apache Kafka

??????¶

2.1 ??????¶

• apache:kafka:*, >= 3.1.0, < 3.9.1

2.2 ???????¶

• NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

• ????????????????????????
• ?????????????????????????????????????

???????????¶

3.1 ??????¶

• NVD ?????A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url". Apache Kafka allows ...
• ??????????????????????????? PoC ???

3.2 ????????????????????¶

• ?????????????CWE-918?
• NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

• ??????????????????????????????????????????

4.2 PoC ???????¶

• ? CISA KEV ????????????????? KEV ????? PoC?
• ??????????????????????????????????????????

???????????¶

5.1 ????????¶

• ???????????????????????????
• ??????????????????????????????????????

5.2 ????????????????????????????¶

• ??????????????????????
• ???????????????????????? WAF ???
• ????????????????????????????

?????? / ????¶

• https://nvd.nist.gov/vuln/detail/CVE-2025-27817
• https://www.cve.org/CVERecord?id=CVE-2025-27817
• https://kafka.apache.org/cve-list
• http://www.openwall.com/lists/oss-security/2025/06/09/1

<hr />

Apache Kafka ???????CVE-2025-27818?¶

??????¶

1.1 ????¶

Apache Kafka ???????????? CVE-2025-27818 ??????????????????????? HIGH?CVSS 8.8?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2025-27818
????	HIGH
CVSS ??	8.8
????	CWE-502
????	2025-06-10
????	Apache Kafka

??????¶

2.1 ??????¶

• apache:kafka:*, >= 2.3.0, < 3.9.1

2.2 ???????¶

• NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

• ????????????????????????
• ?????????????????????????????????????

???????????¶

3.1 ??????¶

• NVD ?????A possible security vulnerability has been identified in Apache Kafka. This requires access to a alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible ...
• ??????????????????????????? PoC ???

3.2 ????????????????????¶

• ?????????????CWE-502?
• NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

• ??????????????????????????????????????????

4.2 PoC ???????¶

• ? CISA KEV ????????????????? KEV ????? PoC?
• ??????????????????????????????????????????

???????????¶

5.1 ????????¶

• ???????????????????????????
• ??????????????????????????????????????

5.2 ????????????????????????????¶

• ??????????????????????
• ???????????????????????? WAF ???
• ????????????????????????????

?????? / ????¶

• https://nvd.nist.gov/vuln/detail/CVE-2025-27818
• https://www.cve.org/CVERecord?id=CVE-2025-27818
• https://kafka.apache.org/cve-list
• http://www.openwall.com/lists/oss-security/2025/06/09/2

<hr />

Apache Kafka ???????CVE-2025-27819?¶

??????¶

1.1 ????¶

Apache Kafka ???????????? CVE-2025-27819 ??????????????????????? HIGH?CVSS 7.5?

1.2 ??????? CVE ???????????????????¶

??	??
????	CVE-2025-27819
????	HIGH
CVSS ??	7.5
????	CWE-502
????	2025-06-10
????	Apache Kafka

??????¶

2.1 ??????¶

• apache:kafka:*, >= 2.0.0, <= 3.3.2

2.2 ???????¶

• NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

• ????????????????????????
• ?????????????????????????????????????

???????????¶

3.1 ??????¶

• NVD ?????In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs to be able to connec...
• ??????????????????????????? PoC ???

3.2 ????????????????????¶

• ?????????????CWE-502?
• NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

• ??????????????????????????????????????????

4.2 PoC ???????¶

• ? CISA KEV ????????????????? KEV ????? PoC?
• ??????????????????????????????????????????

???????????¶

5.1 ????????¶

• ???????????????????????????
• ??????????????????????????????????????

5.2 ????????????????????????????¶

• ??????????????????????
• ???????????????????????? WAF ???
• ????????????????????????????

?????? / ????¶

• https://nvd.nist.gov/vuln/detail/CVE-2025-27819
• https://www.cve.org/CVERecord?id=CVE-2025-27819
• https://kafka.apache.org/cve-list