PT-2025-24331 · Apache · Apache Kafka

Trganda · Published 2025-01-13 · Updated 2025-08-20 · CVE-2025-49127

CVSS v4.0: 10.0 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Kafbat UI version 1.0.0
Kafbat UI versions prior to 1.1.0
Description
Kafbat UI is a web user interface for managing Apache Kafka clusters. Versions prior to 1.1.0 contain an unsafe deserialization vulnerability (CWE-502) that lets an unauthenticated remote attacker execute arbitrary code on the host running the UI. The flaw is in the dynamic cluster configuration feature, which accepts a JMX endpoint for each cluster from the caller without validating it. JMX remoting runs over RMI, and an RMI client deserializes the Java objects the server returns, so an attacker who registers a cluster whose JMX endpoint points at a server they control can make Kafbat UI connect out and deserialize an attacker-chosen object graph; through a deserialization gadget chain this becomes code execution in the UI process. No credentials and no user interaction are needed (CVSS vector PR:N/UI:N), which is why the score is the maximum 10.0. The vulnerable code path is only reachable when the dynamic configuration feature is turned on (the DYNAMIC_CONFIG_ENABLED setting in Kafbat UI), because that is what allows clusters and their JMX endpoints to be added at runtime; the Kafka brokers themselves are not affected, only the UI.
Recommendations
Kafbat UI version 1.0.0 and all earlier releases: upgrade to version 1.1.0 or later, which resolves the issue. Until the upgrade is deployed, disable the dynamic configuration feature so cluster definitions can come only from the static, operator-controlled configuration; restrict who can reach the UI; and restrict outbound connections from the UI host to the JMX ports of known brokers, which blocks the callback to an attacker-controlled JMX server.
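As an added hardening example (not Kafbat UI's own code and not the 1.1.0 fix), the Java class below shows the two controls a JMX client needs when its endpoints come from user configuration, as described above: building the service URL from an allowlisted host and port instead of accepting a raw JMXServiceURL, and installing a JEP 290 ObjectInputFilter before the first RMI call so a hostile JMX server's reply is rejected inside ObjectInputStream before any gadget class is instantiated. The class name HardenedJmxClient, the broker allowlist and the filter pattern are assumptions chosen for illustration.

```java
import java.io.IOException;
import java.io.ObjectInputFilter;
import java.net.MalformedURLException;
import java.util.Map;
import java.util.Set;
import javax.management.MBeanServerConnection;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;

/**
 * Hardened JMX client for endpoints that originate in user-supplied
 * configuration. Illustrative code, not Kafbat UI's implementation.
 *
 * 1. Callers may only supply a host and port. The host must be on an
 *    operator-maintained allowlist and the service URL is assembled from
 *    those parts, so a JNDI-style URL naming a foreign RMI registry can
 *    never reach JMXConnectorFactory.
 * 2. A JVM-wide ObjectInputFilter (JEP 290) is installed before the first
 *    RMI call, so a hostile JMX server answering with a gadget chain is
 *    rejected by ObjectInputStream before any readObject() runs.
 */
public final class HardenedJmxClient {

    /**
     * Deserialization allowlist: only classes from the JDK modules the JMX/RMI
     * client genuinely exchanges (ObjectName, Attribute, open types, RMI stubs,
     * boxed primitives, collections). Application and library classes, where
     * gadget chains live, are denied by the trailing "!*". Assumed pattern for
     * this example; tune it against the MBeans a deployment actually reads.
     */
    private static final String SERIAL_FILTER_PATTERN =
            "maxdepth=32;java.base/*;java.management/*;java.rmi/*;java.management.rmi/*;!*";

    private static boolean filterInstalled;

    /** Install the global filter once; a filter set via -Djdk.serialFilter takes precedence. */
    public static synchronized void installSerialFilter() {
        if (filterInstalled) {
            return;
        }
        if (ObjectInputFilter.Config.getSerialFilter() == null) {
            ObjectInputFilter.Config.setSerialFilter(
                    ObjectInputFilter.Config.createFilter(SERIAL_FILTER_PATTERN));
        }
        filterInstalled = true;
    }

    /** Broker hosts the operator has registered; constructed example values are passed in main(). */
    private final Set<String> allowedJmxHosts;

    public HardenedJmxClient(Set<String> allowedJmxHosts) {
        this.allowedJmxHosts = Set.copyOf(allowedJmxHosts);
    }

    /**
     * Build the service URL from validated parts. Never accept a raw
     * JMXServiceURL from a user: in
     *   service:jmx:rmi:///jndi/rmi://attacker.example:1099/jmxrmi
     * the RMI registry host lives in the URL path, not in the host field, so
     * a check on JMXServiceURL.getHost() would never see "attacker.example".
     */
    public JMXServiceURL buildServiceUrl(String host, int port) throws MalformedURLException {
        if (host == null || !host.matches("[A-Za-z0-9.-]{1,253}")) {
            throw new IllegalArgumentException("JMX host has illegal syntax: " + host);
        }
        if (!allowedJmxHosts.contains(host)) {
            throw new IllegalArgumentException("JMX host not on allowlist: " + host);
        }
        if (port < 1 || port > 65535) {
            throw new IllegalArgumentException("JMX port out of range: " + port);
        }
        return new JMXServiceURL("service:jmx:rmi:///jndi/rmi://" + host + ":" + port + "/jmxrmi");
    }

    /** Connect with both controls in place; env carries credentials and SSL settings. */
    public MBeanServerConnection connect(String host, int port, Map<String, ?> env) throws IOException {
        installSerialFilter();
        JMXServiceURL url = buildServiceUrl(host, port);
        JMXConnector connector = JMXConnectorFactory.connect(url, env);
        return connector.getMBeanServerConnection();
    }

    public static void main(String[] args) throws Exception {
        // Constructed allowlist for the demonstration.
        HardenedJmxClient client = new HardenedJmxClient(Set.of("broker-1.internal", "broker-2.internal"));
        System.out.println("accepted: " + client.buildServiceUrl("broker-1.internal", 9999));

        String[][] bad = {
                {"attacker.example", "1099"},           // not on the allowlist
                {"broker-1.internal/../evil", "9999"},  // URL syntax smuggled into the host
                {"broker-1.internal", "0"}              // invalid port
        };
        for (String[] attempt : bad) {
            try {
                client.buildServiceUrl(attempt[0], Integer.parseInt(attempt[1]));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }

        // What a naive host check would have seen for the attacker-controlled URL.
        JMXServiceURL smuggled = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://attacker.example:1099/jmxrmi");
        System.out.println("getHost()    = " + smuggled.getHost());
        System.out.println("getURLPath() = " + smuggled.getURLPath());
    }
}
```

The filter is global to the JVM and can be set only once, so install it at startup rather than per connection; if it is already configured through -Djdk.serialFilter, this code leaves that setting in place. The allowlist check is deliberately done on the host the operator typed, before DNS resolution, so a hostname that later resolves to an attacker address is still stopped by the egress restriction recommended above.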

Tags: Exploit · Fix · RCE · Deserialization of Untrusted Data

Weakness Enumeration
CWE-502: Deserialization of Untrusted Data

Related Identifiers
BDU:2025-14363
CVE-2025-49127
GHSA-g3mf-c374-fgh2

Affected Products
Kafbat UI (versions prior to 1.1.0)
Apache Kafka (listed as the managed product; the Kafka brokers themselves are not vulnerable)