Initiatives pour
En tant qu'autorité nationale en matière de cybersécurité, le CCB a développé plusieurs initiatives destinées à des publics spécifiques, qui sont présentées ici.
Warning: Critical Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS AMQP Client, Patch Immediately!
Image
Publié : 17/10/2025
- Last update: 17/10/2025
- Affected software:
→ Apache ActiveMQ NMS AMQP Client <= v2.3.0- Type: Deserialization of Untrusted Data (CWE-502)
- CVE/CVSS
→ CVE-2025-54539: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
https://lists.apache.org/thread/9k684j07ljrshy3hxwhj5m0xjmkz1g2n
Risks
Apache ActiveMQ NMS AMQP Client is a .NET messaging library that enables applications to communicate with AMQP message brokers such as Apache ActiveMQ. CVE-2025-54539 is a high-risk remote code execution vulnerability within this client library.
An attacker controlling or impersonating an AMQP broker can send malicious serialized data that the Apache ActiveMQ NMS AMQP Client deserializes unsafely, allowing the attacker to run arbitrary code on the client system, leading to full compromise of confidentiality, integrity, and availability.
Exploitation requires the client to initiate a connection to a malicious or compromised AMQP broker (or an attacker intercepting the connection). The vulnerability is triggered during message exchange, when the client deserializes data received from the broker.
Description
CVE-2025-54539 is a deserialization vulnerability in the Apache ActiveMQ NMS AMQP Client used by .NET applications when connecting to AMQP servers. The client performs binary deserialization of data received from an AMQP broker without sufficient validation or sandboxing. Maliciously crafted serialized objects returned by a broker or injected via a man-in-the-middle can trigger object instantiation and execution of code paths during deserialization. The practical result is remote code execution (RCE) in the context of the client process.
The defect affects all NMS AMQP releases up to and including 2.3.0 and is fixed in 2.4.0.
Recommended Actions
Patch
Apache recommends users to upgrade to version 2.4.0 or later, which resolves the issue.
Additionally, they recommend projects depending on NMS-AMQP to migrate away from .NET binary serialization as part of a long-term hardening strategy.
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-54539
https://www.tenable.com/cve/CVE-2025-54539