#VU112438 Use of Weak Credentials in activemq-artemis-operator - CVE-2025-4057

Cybersecurity Help s.r.o.

Published: 2025-07-07

Vulnerability identifier: #VU112438

Vulnerability risk: Medium

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-4057

CWE-ID: CWE-1391

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
activemq-artemis-operator
Server applications / Other server solutions

Vendor: ArkMQ

Description

The vulnerability allows an attacker to gain unauthorized access to the application.

The vulnerability exists due to the application does not regenerate password between separated CR dependencies. A remote attacker with knowledge of an old passwords or with the ability t guess one can gain unauthorized access to the application.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

activemq-artemis-operator: 0.0.0-20250418141202-b262048e6a75

External links
https://bugzilla.redhat.com/show_bug.cgi?id=2362827
https://github.com/advisories/GHSA-q5q7-8x6x-hcg2

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Use of weak credential in activemq-artemis-operator

Use of Weak Credentials in AMQ Broker 7.13