Kafbat UI 1.0.0 unsafe deserialization allows unauthenticated code execution
CVE-2025-49127 Published on June 6, 2025
Kafbat UI vulnerable to Remote Code Execution by JMX in Metrices Configuration
Kafbat UI is a web user interface for managing Apache Kafka clusters. An unsafe deserialization vulnerability in version 1.0.0 allows any unauthenticated user to execute arbitrary code on the server. Version 1.1.0 fixes the issue.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2025-49127 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2025-49127
Want to know whenever a new CVE is published for Apache Kafka? stack.watch will email you.
Affected Versions
kafbat kafka-ui Version = 1.0.0 is affected by CVE-2025-49127Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.