CVE-2025-27818 Information
Jun 11, 2025
cve
Description
A possible security vulnerability has been identified in Apache Kafka.
This requires AlterConfig access to the cluster resource, or access to a Kafka Connect worker and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config
and a SASL-based security protocol, which has been possible on Kafka clusters since Apache Kafka 2.0.0 (Kafka Connect 2.3.0).
When configuring the broker via config file or AlterConfig command, or a connector via the Kafka Connect REST API, an authenticated operator can set the sasl.jaas.config
property for any of the connector’s Kafka clients to

## Reference
https://kafka.apache.org/cve-list
http://www.openwall.com/lists/oss-security/2025/06/09/2
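An added defender-side check for the configuration path this advisory describes (example code written for this page, not from the Apache Kafka project): it parses each sasl.jaas.config a connector supplies for its producer, consumer or admin client, reports the login module class against an assumed site allowlist, and checks whether the worker's connector.client.config.override.policy permits such overrides at all. The sample connector config and the com.example.UnexpectedLoginModule class name are constructed.

```python
import re

# Kafka Connect lets a connector config override its producer/consumer/admin
# client settings through these prefixes (KIP-458); a bare key is checked too.
OVERRIDE_PREFIXES = ("producer.override.", "consumer.override.", "admin.override.", "")

# Login modules this (assumed) site policy expects in connector client configs.
EXPECTED_LOGIN_MODULES = {
    "org.apache.kafka.common.security.plain.PlainLoginModule",
    "org.apache.kafka.common.security.scram.ScramLoginModule",
}

# JAAS entry syntax: <LoginModuleClass> <control flag> [key=value ...];
JAAS_ENTRY = re.compile(r"^\s*([\w.$]+)\s+(required|requisite|sufficient|optional)\b(.*?);?\s*$",
                        re.IGNORECASE | re.DOTALL)

def parse_jaas_entry(value: str):
    """Split a sasl.jaas.config value into (login module class, flag, options) or None."""
    m = JAAS_ENTRY.match(value)
    if not m:
        return None
    options = dict(re.findall(r'([\w.]+)\s*=\s*"?([^"\s;]*)"?', m.group(3)))
    return m.group(1), m.group(2).lower(), options

def find_jaas_overrides(connector_config: dict) -> list:
    """Flag every sasl.jaas.config a connector supplies for its Kafka clients."""
    findings = []
    for key, value in connector_config.items():
        for prefix in OVERRIDE_PREFIXES:
            if key == prefix + "sasl.jaas.config":
                parsed = parse_jaas_entry(value)
                module = parsed[0] if parsed else None
                findings.append({"key": key, "module": module,
                                 "expected": module in EXPECTED_LOGIN_MODULES})
                break
    return findings

def worker_allows_overrides(worker_config: dict) -> bool:
    """True unless connector.client.config.override.policy is None (the restrictive setting)."""
    return worker_config.get("connector.client.config.override.policy", "None") != "None"

# Constructed sample connector config (not from the advisory); the second
# login module class is a placeholder name, not a real module.
SAMPLE_CONNECTOR = {
    "connector.class": "org.apache.kafka.connect.file.FileStreamSinkConnector",
    "producer.override.sasl.jaas.config": 'org.apache.kafka.common.security.plain.'
        'PlainLoginModule required username="alice" password="secret";',
    "consumer.override.sasl.jaas.config": "com.example.UnexpectedLoginModule required;",
}
```

Run find_jaas_overrides over every connector config returned by the Connect REST API; any finding with "expected": False, or any finding at all on a worker where worker_allows_overrides is True but overrides are not intended, is worth investigating.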