CyberSecurityBoard
Sponsor Register Login

Apache ActiveMQ Vulnerability Allows Remote Attackers to Execute Arbitrary Code

A critical security vulnerability (CVE-2025-29953) in Apache ActiveMQ’s NMS OpenWire Client has been disclosed, enabling remote attackers to execute arbitrary code on vulnerable systems. The flaw, rooted in unsafe deserialization of untrusted data, affects versions prior to 2.1.1 and poses significant risks to organizations using the messaging broker for application communication. Attackers can craft malicious payloads to exploit the OpenWire protocol, leading to deserialization of harmful data and subsequent arbitrary code execution on the client side. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. As messaging systems remain a high-value target for attackers, proactive updates and adherence to secure coding practices are critical to mitigating emerging threats. This flaw, classified under CWE-502 (Deserialization of Untrusted Data), earned a critical CVSS score of 9.8 due to its low attack complexity and high impact on confidentiality, integrity, and availability, reads the advisory. While Apache introduced an allow/denylist feature in version 2.1.0 to restrict deserialization, researchers found it could be bypassed, leaving systems unprotected. Kaaviya is a Security Editor and fellow reporter with Cyber Security News. Organizations using ActiveMQ should prioritize patching and review logging for signs of exploitation, such as unexpected deserialization errors or connections from unverified sources.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 01 May 2025 08:50:06 +0000


Cyber News related to Apache ActiveMQ Vulnerability Allows Remote Attackers to Execute Arbitrary Code

TellYouThePass ransomware joins Apache ActiveMQ RCE attacks - Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution vulnerability previously exploited as a zero-day. The flaw, tracked as CVE-2023-46604, is a maximum severity ...
1 year ago Bleepingcomputer.com CVE-2023-46604
The Threat That Can't Be Ignored: CVE-2023-46604 in Apache ActiveMQ - There is another vulnerability that demands immediate attention, despite not receiving the level of recognition it truly deserves in the media. Apache ActiveMQ vulnerability, known as CVE-2023-46604, is a Remote Code Execution flaw rated at a ...
1 year ago Cybersecurity-insiders.com CVE-2023-46604 Andariel
Hackers Actively Exploiting ActiveMQ Vulnerability Install Malware - Attackers have been exploiting the Apache ActiveMQ Vulnerability to steal data and install malware constantly. Using the Apache ActiveMQ remote code execution vulnerability, the Andariel threat group was found to be installing malware last month. ...
1 year ago Gbhackers.com CVE-2023-46604 Andariel
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online - Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution vulnerability. Apache ActiveMQ is a scalable open-source message broker that fosters communication between clients and ...
1 year ago Bleepingcomputer.com CVE-2023-46604 CVE-2023-4660
Godzilla Web Shell Attacks Stomp on Critical Apache ActiveMQ Flaw - Threat actors have unleashed a fresh wave of cyberattacks targeting a critical remote code-execution vulnerability in Apache ActiveMQ, for which the Apache Software Foundation issued a patch back in October. In many of the attacks, the adversary has ...
1 year ago Darkreading.com CVE-2023-46604
HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability - Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote code execution. "In both instances, the adversary ...
1 year ago Thehackernews.com CVE-2023-46604
Kinsing malware exploits Apache ActiveMQ RCE to plant rootkits - The Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems. The flaw allows remote code execution and was fixed in late October. Apache's ...
1 year ago Bleepingcomputer.com CVE-2023-46604
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers - A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept exploits. Apache OFBiz is an open-source enterprise resource planning system many businesses use for e-commerce ...
1 year ago Bleepingcomputer.com CVE-2023-49070 CVE-2023-51467
Apache ActiveMQ Vulnerability Exploited to Attack Linux Servers - Threat actors actively targeted the Apache ActiveMQ vulnerability to get unauthorized access to messaging systems, leading to potential data breaches and system compromise. Cybersecurity researchers at Sekoia recently identified that the Kinsing ...
1 year ago Cybersecuritynews.com
CVE-2020-11111 - FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). ...
3 years ago
CVE-2025-27533 - Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. ...
1 month ago
CVE-2023-39913 - Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.This issue affects Apache UIMA Java SDK: before 3.5.0. ...
4 months ago
Apache ActiveMQ Vulnerability Allows Remote Attackers to Execute Arbitrary Code - A critical security vulnerability (CVE-2025-29953) in Apache ActiveMQ’s NMS OpenWire Client has been disclosed, enabling remote attackers to execute arbitrary code on vulnerable systems. The flaw, rooted in unsafe deserialization of untrusted data, ...
1 month ago Cybersecuritynews.com CVE-2025-29953
Veeam warns of critical bugs in Veeam ONE monitoring platform - Veeam released hotfixes today to address four vulnerabilities in the company's Veeam ONE IT infrastructure monitoring and analytics platform, two of them critical. The company assigned almost maximum severity ratings to the critical security flaws ...
1 year ago Bleepingcomputer.com CVE-2023-38547 CVE-2023-38549 CVE-2023-41723 FIN7 Cuba
GoTitan Botnet Actively Exploiting Apache ActiveMQ Vulnerability - Attackers are exploiting the recently discovered critical security vulnerability tracked as affecting Apache ActiveMQ to disseminate the Golang-based botnet GoTitan and the. NET application "PrCtrl Rat," which has the ability to be remotely ...
1 year ago Cybersecuritynews.com CVE-2023-46604
CVE-2025-27391 - Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level ...
2 months ago
Critical Apache OFBiz Vulnerability in Attacker Crosshairs - The Shadowserver Foundation has been seeing attempts to exploit a critical vulnerability affecting the Apache OFBiz open source enterprise resource planning system. Apache OFBiz is leveraged by several ERP and other types of projects, including the ...
1 year ago Securityweek.com CVE-2023-49070 CVE-2023-51467 CVE-2023-50164 CVE-2023-46604
Critical Apache OFBiz Vulnerability in Attacker Crosshairs - The Shadowserver Foundation has been seeing attempts to exploit a critical vulnerability affecting the Apache OFBiz open source enterprise resource planning system. Apache OFBiz is leveraged by several ERP and other types of projects, including the ...
1 year ago Packetstormsecurity.com CVE-2023-49070 CVE-2023-51467 CVE-2023-50164 CVE-2023-46604
Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug - Concerns are high over a critical, recently disclosed remote code execution vulnerability in Apache Struts 2 that attackers have been actively exploiting over the past few days. Apache Struts is a widely used open source framework for building Java ...
1 year ago Darkreading.com CVE-2023-50164
CVE-2018-1310 - Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to ...
6 years ago
CVE-2021-26117 - The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is ...
3 years ago
1,718,000+ Apache Struts 2 Installation Open to RCE Attacks - Threat actors target Apache Struts 2 due to vulnerabilities in its code that can be exploited for unauthorized access to web applications. Exploiting these vulnerabilities allows attackers to execute arbitrary code that could lead to full system ...
1 year ago Cybersecuritynews.com CVE-2023-50164
Hackers target Apache RocketMQ servers vulnerable to RCE attacks - Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582. Both vulnerabilities ...
1 year ago Bleepingcomputer.com CVE-2023-33246 CVE-2023-37582 Rocke
Real-Time Data Warehousing Based on Apache Doris - This is a whole-journey guide for Apache Doris users, especially those from the financial sector, which requires a high level of data security and availability. If you don't know how to build a real-time data pipeline and make the most of the Apache ...
1 year ago Feeds.dzone.com
Hackers are exploiting critical Apache Struts flaw using public PoC - Hackers are attempting to leverage a recently fixed critical vulnerability in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code. It appears that threat actors have just ...
1 year ago Bleepingcomputer.com CVE-2023-50164

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)