In CVE-2025-27819, Apache Kafka brokers were found to be vulnerable to Remote Code Execution (RCE) and Denial of Service attacks through SASL JAAS JndiLoginModule configuration. This vulnerability is an extension of the previously reported CVE-2023-25194, which initially only identified the vulnerability in Kafka Connect API.