Warning: High severity vulnerability in Apache ActiveMQ NMS Openwire Client, Patch Immediately!

Image
Decorative image
Published : 05/05/2025

    * Last update:  05/05/2025

   

    * Affected software:: Apache ActiveMQ NMS OpenWire Client, versions <2.1.1

 

    * Type: CWE-502 Deserialization of Untrusted Data

 

    * CVE/CVSS

        → CVE-2025-29953: CVSS 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

https://nvd.nist.gov/vuln/detail/CVE-2025-29953
https://www.zerodayinitiative.com/advisories/ZDI-25-266/

Risks

Apache ActiveMQ is a widely used open-source message broker commonly deployed in enterprise messaging systems, IoT platforms, and cloud infrastructures. Apache ActiveMQ NMS is a .NET client that communicates with the ActiveMQ broker using its native Openwire protocol.

Apache disclosed a high-severity vulnerability affecting ActiveMQ NMS that could allow remote attackers to execute arbitrary code under certain conditions. Successful exploitation can compromise Confidentiality, Integrity, and Availability (CIA) of affected systems.

Description

CVE-2025-29953 CVSS 8.1 - CWE-502 Deserialization of Untrusted Data
The vulnerability stems from a flaw in the Body accessor method in the Apache ActiveMQ NMS library. This method does not adequately validate user-supplied input, allowing deserialization of untrusted data. An attacker could craft a malicious message that, when processed by the library, leads to arbitrary code execution within the context of the current process. Notably, the specific attack vectors can vary depending on how it is implemented since successful exploitation requires interaction with the library.

Recommended Actions

Patch 

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing. This vulnerability is patched in ActiveMQ NMS OpenWire Client 2.1.1.

Monitor/Detect 

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via:< https://ccb.belgium.be/cert/report-incident>.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

https://lists.apache.org/thread/vc1sj9y3056d3kkhcvrs9fyw5w8kpmlx
https://issues.apache.org/jira/browse/AMQNET-844