【Vulnerability Alert】A high-risk security vulnerability (CVE-2025-54539) has been identified in Apache ActiveMQ NMS AMQP. Please verify and apply the necessary patches as soon as possible.
publish date :
2025-10-23
update date :
2025-10-23
Source: Ministry of education information & communication security contingency platform
"" "" ""
| Publication Number | TACERT-ANA-2025102201101414 | Publication Time | 2025/10/22 13:15 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/10/22 13:15 |
| Impact Level | Medium | ||
| [Subject] 【Vulnerability Alert】A high-risk security vulnerability (CVE-2025-54539) has been identified in Apache ActiveMQ NMS AMQP. Please verify and apply the necessary patches as soon as possible. |
|||
| [Content] Forwarded from the National Institute of Cyber Security NISAC-200-202510-00000201 Researchers have discovered a Deserialization of Untrusted Data vulnerability (CVE-2025-54539) in the Apache ActiveMQ NMS AMQP client. An unauthenticated remote attacker could exploit this vulnerability by establishing a connection between the affected client and an untrusted AMQP server. By returning specially crafted serialized data, the attacker could execute arbitrary code on the client. Please verify and apply the necessary security patches as soon as possible. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] This vulnerability affects Apache ActiveMQ NMS AMQP versions 2.3.0 and earlier. |
|||
| [Recommended Actions] Please update Apache ActiveMQ NMS AMQP to version 2.4.0 or later. |
|||
|
[Reference] 2. https://lists.apache.org/thread/9k684j07ljrshy3hxwhj5m0xjmkz1g2n |
|||
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw