CVE-2025-61673
BaseFortify
Publication date: 2025-10-03
Last updated on: 2025-10-06
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aiven-open | karapace | 5.0.2 |
| aiven-open | karapace | 5.0.0 |
| aiven-open | karapace | 5.0.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an authentication bypass in Karapace versions 5.0.0 and 5.0.1 when using OAuth 2.0 Bearer Token authentication. If a request is made without an Authorization header, the system skips token validation, allowing unauthenticated users to access and modify Schema Registry endpoints that should be protected. This means the OAuth authentication mechanism does not work as intended.
How can this vulnerability impact me? :
The vulnerability allows unauthenticated users to read and write to protected Schema Registry endpoints. This can lead to unauthorized access to sensitive data and unauthorized modifications, potentially compromising data integrity and confidentiality.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Karapace to version 5.0.2 or later, as this version contains the fix for the authentication bypass vulnerability. Until the upgrade can be performed, consider disabling OAuth 2.0 Bearer Token authentication or restricting access to the Schema Registry endpoints to trusted networks or users to prevent unauthorized access.