Home > Vulnerability Database > CVE-2025-27533

Mend.io Vulnerability Database

CVE-2025-27533

Good to know:

Date: May 7, 2025

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections. This issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, from 5.18.0 before 5.18.7, from 5.17.0 before 5.17.7, before 5.16.8. ActiveMQ 5.19.0 is not affected. Users are recommended to upgrade to version 6.1.6+, 5.19.0+, 5.18.7+, 5.17.7, or 5.16.8 or which fixes the issue. Existing users may implement mutual TLS to mitigate the risk on affected brokers.

Severity Score

7.5

Related Resources (8)

Url: http://www.openwall.com/lists/oss-security/2025/05/06/1

Url: https://lists.apache.org/thread/8hcm25vf7mchg4zbbhnlx2lc5bs705hg

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-27533

Url: https://github.com/apache/activemq

Url: https://github.com/apache/activemq/commit/fc4372b9f0f72b8b5eed917f0019c5cea45c5d06

Url: https://security-tracker.debian.org/tracker/CVE-2025-27533

Url: https://issues.apache.org/jira/browse/AMQ-6596

Url: https://www.mend.io/vulnerability-database/CVE-2025-27533

Severity Score

7.5

Weakness Type (CWE)

Memory Allocation with Excessive Size Value

CWE-789

Top Fix

Upgrade Version

Upgrade to version org.apache.activemq:activemq-openwire-legacy:5.16.8;org.apache.activemq:activemq-openwire-legacy:5.17.7;org.apache.activemq:activemq-openwire-legacy:5.18.7;org.apache.activemq:activemq-openwire-legacy:6.1.6;org.apache.activemq:activemq-client:5.16.8;org.apache.activemq:activemq-client:5.17.7;org.apache.activemq:activemq-client:5.18.7;org.apache.activemq:activemq-client:6.1.6;org.apache.activemq:activemq-openwire-legacy:5.16.8;org.apache.activemq:activemq-openwire-legacy:5.17.7;org.apache.activemq:activemq-openwire-legacy:5.18.7;org.apache.activemq:activemq-openwire-legacy:6.1.6;org.apache.activemq:activemq-client:5.16.8;org.apache.activemq:activemq-client:5.17.7;org.apache.activemq:activemq-client:5.18.7;org.apache.activemq:activemq-client:6.1.6

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-27533

Good to know:

Date: May 7, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?