CVE-2025-61673 HIGH

CVE-2025-61673: Karapace is vulnerable to Authentication Bypass

Vendor Aiven-Open
Product karapace
Weakness CWE-306 · Missing auth
Published October 3, 2025
Last update October 6, 2025

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

What the vulnerability does

01Description

Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token validation logic is skipped entirely, allowing an unauthenticated user to read and write to Schema Registry endpoints that should otherwise be protected. This effectively renders the OAuth authentication mechanism ineffective. This issue is fixed in version 5.0.2.

Key dates

02Disclosure timeline

October 3, 2025 CVE published
October 6, 2025 Record updated