Multiple vulnerabilities in in Apache ActiveMQ Artemis
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2025-27427 CVE-2025-27391 |
| CWE-ID | CWE-264 CWE-532 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
ActiveMQ Artemis Server applications / Other server solutions |
| Vendor | Apache Foundation |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU106308
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-27427
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to application does not properly impose security restrictions. A remote user with "createDurableQueue" or "createNonDurableQueue" permission on an address can augment the routing-type supported by that address even if said user doesn't have the "createAddress" permission for that particular address. When combined with the send permission and automatic queue creation a user could successfully send a message with a routing-type not supported by the address when that message should actually be rejected on the basis that the user doesn't have permission to change the routing-type of the address.
MitigationInstall updates from vendor's website.
Vulnerable software versionsActiveMQ Artemis: 2.0.0 - 2.39.0
CPE2.3- cpe:2.3:a:apache_foundation:activemq_artemis:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache_foundation:activemq_artemis:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache_foundation:activemq_artemis:2.2.0:*:*:*:*:*:*:*
https://lists.apache.org/thread/gz5nst3gnhqwjs84vxrcp22t34lx6wkx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Inclusion of Sensitive Information in Log Files
EUVDB-ID: #VU111918
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-27391
CWE-ID:
CWE-532 - Information Exposure Through Log Files
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to software stores sensitive information into log files when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled. A local user can read the log files and gain access to sensitive data.
MitigationInstall updates from vendor's website.
Vulnerable software versionsActiveMQ Artemis: 1.5.1 - 2.39.0
CPE2.3- cpe:2.3:a:apache_foundation:activemq_artemis:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache_foundation:activemq_artemis:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache_foundation:activemq_artemis:1.5.3:*:*:*:*:*:*:*
https://www.openwall.com/lists/oss-security/2025/04/09/3
https://lists.apache.org/thread/25p96cvzl1mkt29lwm2d8knklkoqolps
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
