Apache · Apache ActiveMQ Artemis · CVE-2025-27391
Name of the Vulnerable Software and Affected Versions:
Apache ActiveMQ Artemis versions 1.5.1 through 2.39.x
Description:
The issue concerns the insertion of sensitive information into log files. When the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled, all values of the broker properties are logged, potentially exposing sensitive data. This can be mitigated by restricting log access to only trusted users.
Recommendations:
For Apache ActiveMQ Artemis versions 1.5.1 through 2.39.x, upgrade to version 2.40.0, which fixes the issue.
As a temporary workaround, consider restricting log access to only trusted users to minimize the risk of sensitive information exposure.
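A configuration check for the condition described above, added here as an example and not taken from the advisory or from Apache: it reports which logger setting governs ConfigurationImpl and whether that level would emit the debug output. It assumes logging is configured in a Log4j 2 properties file using `rootLogger` and `logger.<id>.name` / `logger.<id>.level` keys; the function names and both sample configs are constructed for illustration.

```python
import re

# Logger named in the advisory; its debug output includes broker property values.
TARGET = "org.apache.activemq.artemis.core.config.impl.ConfigurationImpl"
VERBOSE = {"DEBUG", "TRACE", "ALL"}  # levels that let debug messages through

# Constructed sample configs (not taken from any real broker).
SAMPLE_OK = """\
rootLogger.level = INFO
logger.srv.name = org.apache.activemq.artemis.core.server
logger.srv.level = DEBUG
"""
SAMPLE_EXPOSED = """\
rootLogger = INFO, console
logger.artemis.name = org.apache.activemq.artemis
logger.artemis.level = INFO
logger.cfg.name = org.apache.activemq.artemis.core.config
logger.cfg.level = debug
"""

def parse_properties(text):
    """Parse key=value lines, ignoring blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, sep, value = line.partition("=")
            if sep:
                props[key.strip()] = value.strip()
    return props

def effective_level(text, target=TARGET):
    """Return (governing logger name, level) for `target`."""
    props = parse_properties(text)
    # Root level: 'rootLogger.level = X' or shorthand 'rootLogger = X, appender'.
    root = props.get("rootLogger.level") or props.get("rootLogger", "")
    best = ("rootLogger", root.split(",")[0].strip().upper() or "ERROR")
    best_len = 0
    for key, name in props.items():
        m = re.fullmatch(r"logger\.([^.]+)\.name", key)
        level = props.get(f"logger.{m.group(1)}.level") if m else None
        # A logger applies if it is the target or a parent package; longest name wins.
        applies = name == target or target.startswith(name + ".")
        if level and applies and len(name) > best_len:
            best, best_len = (name, level.upper()), len(name)
    return best

def exposes_broker_properties(text):
    return effective_level(text)[1] in VERBOSE
```

A parent logger such as `org.apache.activemq.artemis.core.config` set to debug has the same effect as setting the ConfigurationImpl logger directly, which is why the check resolves the effective level instead of searching for the full logger name.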