Use of Weak Credentials in activemq-artemis-operator - CVE-2025-4057
Published: July 7, 2025
Vulnerability identifier: #VU112438
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-4057
CWE-ID: CWE-1391
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: ArkMQ
Affected software:
activemq-artemis-operator
Detailed vulnerability description
The vulnerability allows an attacker to gain unauthorized access to the application.
The vulnerability exists because the application does not regenerate the password between separated CR dependencies. A remote attacker with knowledge of an old password, or with the ability to guess one, can gain unauthorized access to the application.
How to mitigate CVE-2025-4057
Install updates from the vendor's website.