PT-2025-14017 · Apache · Apache ActiveMQ Artemis

Dain Lee +4 · Published 2025-03-31 · Updated 2026-06-15 · CVE-2025-27427

CVSS v2.0: 5.2 (Medium)

Vector: AV:A/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Apache ActiveMQ Artemis versions 2.0.0 through 2.39.0

Description

A vulnerability exists in Apache ActiveMQ Artemis where a user with the createDurableQueue or createNonDurableQueue permission on an address can update the routing-type supported by that address, even without the createAddress permission. Combined with the send permission and automatic queue creation, this allows a user to send a message with a routing-type not supported by the address; such a message should be rejected because the user lacks permission to change the routing-type.

Recommendations

For Apache ActiveMQ Artemis versions 2.0.0 through 2.39.0, upgrade to version 2.40.0 to fix the issue.

Fix

DoS

Incorrect Authorization


Weakness Enumeration

Related identifiers

BDU:2025-08197
CVE-2025-27427
GHSA-3W85-5P9G-H334

Affected products

Apache ActiveMQ Artemis