VDB
MINI-c4wf-9wc5-wfq8
MINI-c4wf-9wc5-wfq8
PUBLISHED
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| MinimOS | strimzi-kafka-operator-kafka-init | 0, 0 |
| MinimOS | prometheus-jmx-exporter-strimzi-compat | 0, 0 |
| MinimOS | kafka-strimzi-compat | 0, 0 |
| MinimOS | strimzi-kafka-operator-kafka-base | 0, 0 |
| MinimOS | strimzi-kafka-operator-kafka-agent | 0, 0 |
| MinimOS | strimzi-kafka-operator-user-operator | 0, 0 |
| MinimOS | strimzi-kafka-operator-tracing-agent | 0, 0 |
| MinimOS | kafka_exporter-strimzi-compat | 0, 0 |
| MinimOS | strimzi-kafka-operator-topic-operator | 0, 0 |
| MinimOS | strimzi-kafka-operator | 0, 0 |
| MinimOS | strimzi-kafka-operator-kafka-thirdparty-libs | 0, 0 |
| MinimOS | strimzi-kafka-operator-kafka-thirdparty-libs-cc | 0, 0 |
| MinimOS | strimzi-kafka-operator-cluster-operator | 0, 0 |
Exploit Intelligence
- CVE-2025-27817 (github-poc)
- Apache Kafka客户端未对用户输入进行严格验证和限制,未经身份验证的攻击者可通过构造恶意配置读取环境变量或磁盘任意内容,或向非预期位置发送请求,提升REST API的文件系统/环境/URL访问权限。 (github-poc)
- CVE-2025-27817 (github-poc)
- 01.基于vless的科学上网.html (github-poc)
- KafkaRecordSupplier.java (github-poc)
- druid-612f0710.json (github-poc)
- async-iot.ts (github-poc)
- Nuclei Template: CVE-2025-27817 (nuclei-template)
Timeline
- Nov 12, 2025 CVE Published
- Mar 4, 2026 CVE Updated