Memory Allocation Vulnerability in Apache ActiveMQ by Apache
CVE-2025-27533

6.9MEDIUM

Key Information:

Vendor: Apache
Status: Apache ActiveMQ
Vendor: CVE Published:; 7 May 2025

Summary

A vulnerability in Apache ActiveMQ allows excessive memory allocation during the unmarshalling of OpenWire commands due to improper validation of buffer size values. This may lead to a denial of service (DoS), depleting process memory and affecting application and service availability dependent on the ActiveMQ broker, especially in environments not implementing mutual TLS connections. Users are advised to upgrade to the specified versions for remediation and consider enabling mutual TLS as a mitigation strategy.

Affected Version(s)

Apache ActiveMQ 6.0.0 < 6.1.6

Apache ActiveMQ 5.18.0 < 5.18.7

Apache ActiveMQ 5.17.0 < 5.17.7

References

https://lists.apache.org/thread/8hcm25vf7mchg4zbbhnlx2lc5...

vendor-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
May 7, 2025
Vulnerability Reserved
Feb 28, 2025