Summary
| Item | Details |
|---|---|
| Vulnerability Name | Apache Kafka Connect Arbitrary File Read (CVE-2025-27817) |
| Released on | June 10, 2025 |
| Affected Component | Apache Kafka |
| Affected Version | 3.1.0 ≤ Apache Kafka < 3.9.1 |
| Vulnerability Type | Arbitrary file read |
| Exploitation Condition | |
| Impact | Exploitation difficulty: easy. Attackers can exploit this vulnerability to read arbitrary files without authorization. Severity: high-risk. This vulnerability may result in sensitive information leakage. |
| Official Solution | Available |
About the Vulnerability
Component Introduction
Apache Kafka is an open-source distributed event streaming platform used by thousands of companies for high-performance data pipelines, streaming analytics, data integration, and mission-critical applications.
Vulnerability Description
On June 10, 2025, Sangfor FarSight Labs received notification of the arbitrary file read vulnerability in Apache Kafka Connect (CVE-2025-27817), classified as high-risk in threat level.
According to the Apache advisory linked under References, the flaw lives in the Kafka client's handling of SASL/OAUTHBEARER configuration: the client accepts the settings sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url and fetches whatever URL they name, so a value pointing at a local file causes the file's contents to be read and echoed into the error log, and a value pointing at an internal network address turns the client into an SSRF relay. Wherever an untrusted party can supply client configuration, these settings are attacker-controlled. Apache Kafka Connect is the notable case: anyone who can submit a connector configuration through the Connect REST API (which has no authentication by default) can escalate that REST access into reads of arbitrary files and environment variables on the worker host, potentially leaking credentials and other sensitive data.
Affected Versions
The following Apache Kafka versions are affected:
3.1.0 ≤ Apache Kafka < 3.9.1
Solutions
Remediation Solutions
Official Solution
A fixed version has been officially released. Affected users are advised to update Apache Kafka to 3.9.1 or a later version.
Note that the fix is an allow list for the SASL OAUTHBEARER token and JWKS endpoint URLs, controlled by the JVM system property org.apache.kafka.sasl.oauthbearer.allowed.urls. In 3.9.1 this property defaults to allowing all URLs for backward compatibility, so upgrading alone does not close the hole: set the property explicitly (for example through KAFKA_OPTS on the Connect worker) to the endpoint URLs your clients legitimately use. From 4.0.0 onward the default is an empty list and the URLs must be allowed explicitly.
Download link: https://github.com/apache/kafka/tags
Temporary Solution
It is advised not to expose the Apache Kafka Connect REST API to the public network, provided business operations are not affected. By default the worker binds the REST API on all interfaces (listeners=http://:8083), and when listeners is set it takes precedence over the older rest.host.name. Detailed configurations are as follows:
If Apache Kafka Connect is started in standalone mode, set the listeners (or rest.host.name) field in the connect-standalone.properties configuration file to the local loopback address, for example listeners=http://127.0.0.1:8083.
If Apache Kafka Connect is started in distributed mode, set the listeners (or rest.host.name) field in the connect-distributed.properties configuration file to the local loopback address in the same way.
Because exploitation requires submitting connector configuration, also restrict who can reach the REST API at all: place it behind an authenticating proxy or enable the bundled basic-auth REST extension (rest.extension.classes=org.apache.kafka.connect.rest.basic.auth.extension.BasicAuthSecurityRestExtension) and limit the users allowed to create or update connectors.
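The following is an added audit script, not code from the Sangfor advisory or from the Kafka project, that checks a Connect worker properties file for the exposed-listener condition the temporary solution above addresses. It assumes the standard keys listeners and rest.host.name, treats only 127.0.0.1, localhost and ::1 as loopback, and assumes the properties file uses the key=value form (not key:value). The two sample worker files it writes are constructed for the demonstration: one with the weak wildcard bind and one with the loopback-only bind the advisory recommends.

```shell
#!/bin/sh
# Added example: audit Kafka Connect worker configs for a REST API reachable
# from outside the host. Not part of the Sangfor advisory or Apache Kafka.

# Returns 0 (true) when the file binds the Connect REST API to a non-loopback
# address, 1 when every listener is loopback-only.
connect_rest_exposed() {
    file="$1"
    # Last assignment wins, as in Java properties files; '#' lines are comments.
    listeners=$(sed -n 's/^[[:space:]]*listeners[[:space:]]*=[[:space:]]*//p' "$file" | tail -n 1)
    host=$(sed -n 's/^[[:space:]]*rest\.host\.name[[:space:]]*=[[:space:]]*//p' "$file" | tail -n 1)

    if [ -n "$listeners" ]; then
        # listeners is a comma-separated list of PROTOCOL://host:port entries.
        # The API counts as local-only only if every entry uses a loopback host.
        for entry in $(printf '%s' "$listeners" | tr ',' ' '); do
            # Strip the scheme and the trailing :port; what remains is the host
            # (possibly empty, e.g. the default "http://:8083" = all interfaces).
            h=$(printf '%s' "$entry" | sed 's#^[A-Za-z]*://##; s#:[0-9]*$##')
            case "$h" in
                127.0.0.1|localhost|"[::1]"|::1) ;;
                *) return 0 ;;
            esac
        done
        return 1
    fi

    # No listeners key: the worker falls back to rest.host.name, and an empty
    # value there means "bind all interfaces".
    case "$host" in
        127.0.0.1|localhost|::1) return 1 ;;
        *) return 0 ;;
    esac
}

# Human-readable wrapper around the predicate above.
connect_rest_status() {
    if connect_rest_exposed "$1"; then echo exposed; else echo local-only; fi
}

# Constructed sample worker configs (not real deployments).
tmp=$(mktemp -d)
# Weak: wildcard bind, REST API reachable from the network.
cat > "$tmp/connect-distributed.weak.properties" <<'EOF'
bootstrap.servers=kafka-1:9092
group.id=connect-cluster
# REST API exposed on every interface
listeners=http://0.0.0.0:8083
EOF
# Corrected: loopback only, as the temporary solution recommends.
cat > "$tmp/connect-distributed.local.properties" <<'EOF'
bootstrap.servers=kafka-1:9092
group.id=connect-cluster
listeners=http://127.0.0.1:8083
EOF

for f in "$tmp"/*.properties; do
    printf '%s: %s\n' "$(connect_rest_status "$f")" "$f"
done
rm -rf "$tmp"
```

Run it against the real connect-standalone.properties or connect-distributed.properties of each worker (for example over the same inventory a fleet-wide asset discovery produces); any file reported as exposed needs the loopback change above or an authenticating front end before the upgrade to 3.9.1 is rolled out.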
Sangfor Solutions
Risky Asset Discovery
The following Sangfor product can proactively scan for Apache Kafka to discover affected assets in bulk across business environments:
Sangfor Endpoint Secure: The corresponding asset discovery solution has been released. The fingerprint ID is 0006168.
Timeline
On June 10, 2025, Sangfor FarSight Labs received notification of the arbitrary file read vulnerability in Apache Kafka Connect (CVE-2025-27817).
On June 10, 2025, Sangfor FarSight Labs released a vulnerability alert.
References
https://lists.apache.org/thread/6cm2d0q5126lp7w591wt19211s5xxcsm
Learn More
Sangfor FarSight Labs researches the latest cyber threats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyber threats, providing fast and easy protection for customers.