Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
* Last update: 05/05/2025
* Affected software:: Apache ActiveMQ NMS OpenWire Client, versions <2.1.1
* Type: CWE-502 Deserialization of Untrusted Data
* CVE/CVSS
→ CVE-2025-29953: CVSS 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
https://nvd.nist.gov/vuln/detail/CVE-2025-29953
https://www.zerodayinitiative.com/advisories/ZDI-25-266/
Apache ActiveMQ is a widely used open-source message broker commonly deployed in enterprise messaging systems, IoT platforms, and cloud infrastructures. Apache ActiveMQ NMS is a .NET client that communicates with the ActiveMQ broker using its native Openwire protocol.
Apache disclosed a high-severity vulnerability affecting ActiveMQ NMS that could allow remote attackers to execute arbitrary code under certain conditions. Successful exploitation can compromise Confidentiality, Integrity, and Availability (CIA) of affected systems.
CVE-2025-29953 CVSS 8.1 - CWE-502 Deserialization of Untrusted Data
The vulnerability stems from a flaw in the Body accessor method in the Apache ActiveMQ NMS library. This method does not adequately validate user-supplied input, allowing deserialization of untrusted data. An attacker could craft a malicious message that, when processed by the library, leads to arbitrary code execution within the context of the current process. Notably, the specific attack vectors can vary depending on how it is implemented since successful exploitation requires interaction with the library.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing. This vulnerability is patched in ActiveMQ NMS OpenWire Client 2.1.1.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via:< https://ccb.belgium.be/cert/report-incident>.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
https://lists.apache.org/thread/vc1sj9y3056d3kkhcvrs9fyw5w8kpmlx
https://issues.apache.org/jira/browse/AMQNET-844