Source: Ministry of Education Information & Communication Security Contingency Platform
| Publication Number | TACERT-ANA-2025102201101414 | Publication Time | 2025/10/22 13:15 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/10/22 13:15 |
| Impact Level | Medium | | |
| [Subject] 【Vulnerability Alert】A high-risk security vulnerability (CVE-2025-54539) has been identified in Apache ActiveMQ NMS AMQP. Please verify and apply the necessary patches as soon as possible. |
|||
| [Content] Forwarded from the National Institute of Cyber Security, NISAC-200-202510-00000201. Researchers have discovered a Deserialization of Untrusted Data vulnerability (CVE-2025-54539) in the Apache ActiveMQ NMS AMQP client. An unauthenticated remote attacker could exploit this vulnerability by establishing a connection between the affected client and an untrusted AMQP server. By returning specially crafted serialized data, the attacker could execute arbitrary code on the client. Please verify and apply the necessary security patches as soon as possible. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] This vulnerability affects Apache ActiveMQ NMS AMQP versions 2.3.0 and earlier. |
|||
| [Recommended Actions] Please update Apache ActiveMQ NMS AMQP to version 2.4.0 or later. |
|||
| [Reference] 2. https://lists.apache.org/thread/9k684j07ljrshy3hxwhj5m0xjmkz1g2n |
|||
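
To locate projects that still reference an affected release (2.3.0 and earlier), the following added example scans .NET dependency manifests for the client package and classifies each pinned version against 2.4.0. It is not part of the advisory or of Apache's code; the NuGet package id `Apache.NMS.AMQP` and the set of manifest file names are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

PACKAGE = "apache.nms.amqp"  # assumed NuGet package id, compared case-insensitively
FIXED = (2, 4, 0)            # advisory: 2.3.0 and earlier affected, fixed in 2.4.0
MANIFESTS = ("*.csproj", "packages.config", "Directory.Packages.props")  # assumed set

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace of old-style project files

def classify(version):
    """'vulnerable', 'ok', or 'unknown' (range, property, pre-release, no version)."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)?", (version or "").strip())
    if not m:
        return "unknown"
    return "vulnerable" if tuple(int(g or 0) for g in m.groups()) < FIXED else "ok"

def find_refs(xml_data):
    """Return [(version_or_None, status)] for each reference to PACKAGE."""
    hits = []
    for el in ET.fromstring(xml_data).iter():
        name = local(el.tag)
        if name in ("PackageReference", "PackageVersion"):
            ident = el.get("Include") or el.get("Update") or ""
            version = el.get("Version") or next(  # <Version> may be a child element
                (c.text for c in el if local(c.tag) == "Version"), None)
        elif name == "package":  # packages.config entry
            ident, version = el.get("id", ""), el.get("version")
        else:
            continue
        if ident.lower() == PACKAGE:
            hits.append((version, classify(version)))
    return hits

def scan(root):
    """Walk a source tree; return (path, version, status) per reference found."""
    report = []
    for path in (p for pat in MANIFESTS for p in Path(root).rglob(pat)):
        try:
            refs = find_refs(path.read_bytes())
        except (ET.ParseError, OSError):
            continue  # unreadable or malformed manifest: skip it
        report += [(str(path), v, s) for v, s in refs]
    return report

if __name__ == "__main__":
    for path, version, status in scan("."):  # scans the current directory
        print(f"{status:10} {version or '-':12} {path}")
```

An `unknown` result means the version is resolved somewhere else (an MSBuild property, a version range, or central package management) and has to be checked by hand. The scan covers direct references only, not copies of the package pulled in transitively.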