Routing-type Manipulation Vulnerability in Apache ActiveMQ Artemis
CVE-2025-27427

2.3LOW

Key Information:

Vendor: Apache
Status: Apache ActiveMQ Artemis
Vendor: CVE Published:; 1 April 2025

What is CVE-2025-27427?

A vulnerability in Apache ActiveMQ Artemis allows users with certain permissions to alter the routing-type of a message, bypassing established address permissions. Specifically, users granted permissions to create durable and non-durable queues can modify the routing-type of messages sent, even if they lack the relevant permission to change the address itself. This misconfiguration could lead to unauthorized message routing, enabling the potential for unexpected behavior in message delivery and security breaches. Upgrading to version 2.40.0 is advised to mitigate this security issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache ActiveMQ Artemis 2.0.0 <= 2.39.0

References

https://lists.apache.org/thread/8dzlm2vkqphyrnkrby8r8kznd...

vendor-advisory

CVSS V4

Score:

2.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Apr 1, 2025
Vulnerability Reserved
Feb 24, 2025

Credit

Eojin Lee <djwls7179@gmail.com>

Dain Lee <ledain5094@gmail.com>

WooJin Park <1203kids@gmail.com>

MinJung Lee <whitney2319@gmail.com>

SeChang Oh <osc010524@gmail.com>

JSON

Apache

What is CVE-2025-27427?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.