Karapace is vulnerable to Authentication Bypass_CVE-2025-61673

8.6 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Description

Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token validation logic is skipped entirely, allowing an unauthenticated user to read and write to Schema Registry endpoints that should otherwise be protected. This effectively renders the OAuth authentication mechanism ineffective. This issue is fixed in version 5.0.2.

Basic Information

ID CVE-2025-61673

Source GitHub_M

Published Oct 3, 2025 at 21:12

Affected Product

Vendor Aiven-Open

Product karapace

Version >= 5.0.0, < 5.0.2

Affected Versions Aiven-Open karapace >= 5.0.0, < 5.0.2

CWE Classification

CWE-306 CWE-288

References

{
    "lastseen": "",
    "description": "Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token validation logic is skipped entirely, allowing an unauthenticated user to read and write to Schema Registry endpoints that should otherwise be protected. This effectively renders the OAuth authentication mechanism ineffective. This issue is fixed in version 5.0.2.",
    "published": "2025-10-03T21:12:24.471Z",
    "modified": "2025-10-03T21:12:24.471Z",
    "type": "cve",
    "title": "Karapace is vulnerable to Authentication Bypass",
    "source": "GitHub_M",
    "references": "https://github.com/Aiven-Open/karapace/security/advisories/GHSA-vq25-vcrw-gj53\nhttps://github.com/Aiven-Open/karapace/pull/1143/commits/c4038e9ce9fa504b433d59ac2944e337292922c7\nhttps://github.com/Aiven-Open/karapace/releases/tag/5.0.2",
    "id": "CVE-2025-61673",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306",
        "CWE-288"
    ],
    "cvelist": null,
    "sourceData": "Aiven-Open karapace >= 5.0.0, < 5.0.2",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "karapace",
    "version": ">= 5.0.0, < 5.0.2",
    "vendor": "Aiven-Open",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}