CVE-2025-61673 · HIGH 8.6 · EPSS percentile 29.2%

CVE-2025-61673

Description

Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token validation logic is skipped entirely, allowing an unauthenticated user to read and write to Schema Registry endpoints that should otherwise be protected. This effectively renders the OAuth authentication mechanism ineffective. This issue is fixed in version 5.0.2.

Scoring

CVSS 3.1: 8.6 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
EPSS: 0.38% probability of exploitation · percentile 29.2% · 2026-06-19T12:03:05Z
Published: 2025-10-03
Last modified: 2026-04-15

Underlying weaknesses · 2

CWE-288, CWE-306

References

  1. https://github.com/Aiven-Open/karapace/pull/1143/commits/c4038e9ce9fa504b433d59ac2944e337292922c7
  2. https://github.com/Aiven-Open/karapace/releases/tag/5.0.2
  3. https://github.com/Aiven-Open/karapace/security/advisories/GHSA-vq25-vcrw-gj53

Weakness mappings · 2

Type · Target · Confidence · Tier
Weakness · Authentication Bypass Using an Alternate Path or Channel (CWE-288) · 0% · live
Weakness · Missing Authentication for Critical Function (CWE-306) · 0% · live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE · CVE-2026-33557
  2. CVE · CVE-2026-45080
  3. CVE · CVE-2026-41115
  4. CVE · CVE-2026-44367
  5. CVE · CVE-2026-41727
  6. CVE · CVE-2026-10143
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.