Sensitive Information Logging in Apache ActiveMQ Artemis
CVE-2025-27391
6.8 MEDIUM
Summary
A vulnerability exists in Apache ActiveMQ Artemis that allows sensitive information to be logged if the debug logging level is enabled for the configuration logger. Specifically, all broker properties are exposed in log files, potentially compromising sensitive data. This issue affects versions from 1.5.1 up to but not including 2.40.0. Users are advised to restrict access to log files to trusted users to mitigate the risk, and to upgrade to version 2.40.0, which addresses this logging issue.
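The check below is an added example, not code from the Apache project or from this advisory. It resolves the effective level of the configuration logger in a broker's logging configuration so that affected settings can be found before upgrading. It assumes a Log4j2 `log4j2.properties` file and assumes the logger in question is `org.apache.activemq.artemis.core.config.impl.ConfigurationImpl`; neither is stated on this page, and the sample input is constructed.

```python
import re

# Assumption (not stated on this page): the "configuration logger" is the
# broker's ConfigurationImpl class logger, configured in log4j2.properties.
TARGET = "org.apache.activemq.artemis.core.config.impl.ConfigurationImpl"
VERBOSE = {"DEBUG", "TRACE", "ALL"}

# Constructed sample: a parent package logger set to DEBUG, no direct entry.
SAMPLE = """\
rootLogger = INFO, console, log_file
logger.activemq.name = org.apache.activemq
logger.activemq.level = INFO
logger.cfg.name = org.apache.activemq.artemis.core.config
logger.cfg.level = debug
"""

def effective_level(properties_text, target=TARGET):
    """Return the level Log4j2 applies to `target`: nearest ancestor wins."""
    names, levels, root = {}, {}, "ERROR"  # Log4j2 root defaults to ERROR
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in ("rootLogger", "rootLogger.level"):
            root = value.split(",")[0].strip().upper()  # "INFO, console" form
            continue
        m = re.fullmatch(r"logger\.([^.]+)\.(name|level)", key)
        if m and m.group(2) == "name":
            names[m.group(1)] = value
        elif m:
            levels[m.group(1)] = value.upper()
    best_name, best_level = "", root
    for ident, name in names.items():
        is_ancestor = target == name or target.startswith(name + ".")
        if ident in levels and is_ancestor and len(name) > len(best_name):
            best_name, best_level = name, levels[ident]
    return best_level

def leaks_broker_properties(properties_text):
    """True when the configuration logger would emit debug output."""
    return effective_level(properties_text) in VERBOSE

if __name__ == "__main__":
    print(effective_level(SAMPLE), leaks_broker_properties(SAMPLE))
```

A verbose result on a broker older than 2.40.0 means broker property values are being written to the log, so the log-access restriction and upgrade described above apply.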
Affected Version(s)
Apache ActiveMQ Artemis 1.5.1 < 2.40.0
CVSS V4
Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Rafael Yanez Illescas