PT-2023-6605 · Apache · Apache ActiveMQ

Yejie@Threatbook.Cn · Published 2023-10-27 · Updated 2025-08-31 · CVE-2023-46604

CVSS v3.1: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

**Name of the Vulnerable Software and Affected Versions:**

Apache ActiveMQ versions prior to 5.15.16, prior to 5.16.7, prior to 5.17.6, and prior to 5.18.3.

**Description:**

Apache ActiveMQ is vulnerable to Remote Code Execution (RCE) due to insecure deserialization of data within the OpenWire protocol. Successful exploitation allows a remote, unauthenticated attacker to execute arbitrary code on the server. Public exploits exist, and real-world exploitation has been observed, including instances involving the deployment of malware such as HelloKitty ransomware, Kinsing, and the Tsunami botnet. Attackers have been observed patching the vulnerability post-exploitation to maintain persistence and evade detection.

**Recommendations:**

Upgrade to version 5.15.16 or later.

Upgrade to version 5.16.7 or later.

Upgrade to version 5.17.6 or later.

Upgrade to version 5.18.3 or later.
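
The four thresholds apply per maintenance branch, so a broker on 5.16.0 is still affected even though its number is higher than 5.15.16. The following branch-aware check is an added example, not code from the advisory or from Apache; the hostnames and inventory are constructed, and treating branches newer than 5.18 as unaffected is an assumption based on the advisory listing no affected range for them.

```python
import re

# Fixed release per maintenance branch, taken from the advisory text above.
FIXED_PATCH = {(5, 15): 16, (5, 16): 7, (5, 17): 6, (5, 18): 3}
OLDEST_BRANCH = min(FIXED_PATCH)


def parse_version(text):
    """Return (major, minor, patch) from strings such as '5.17.5' or '5.16'."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m[1]), int(m[2]), int(m[3] or 0)


def is_affected(version):
    """True if the version is prior to the fixed release of its own branch."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED_PATCH:
        return patch < FIXED_PATCH[branch]
    # Branches older than 5.15 are "prior to 5.15.16" and have no fixed
    # release listed. Assumption: branches newer than 5.18 are not affected,
    # because the advisory lists no affected range for them.
    return branch < OLDEST_BRANCH


def triage(inventory):
    """Split {host: version} into (affected hosts, hosts needing manual review)."""
    affected, unknown = [], []
    for host, version in sorted(inventory.items()):
        try:
            if is_affected(version):
                affected.append(host)
        except ValueError:
            unknown.append(host)
    return affected, unknown


# Constructed inventory for illustration; hostnames are hypothetical.
SAMPLE = {
    "mq-a.example": "5.16.0",   # newer than 5.15.16, yet below 5.16.7
    "mq-b.example": "5.15.16",
    "mq-c.example": "5.18.2",
    "mq-d.example": "5.14.5",
    "mq-e.example": "unknown",
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Because attackers have been observed patching the flaw after exploitation, a host that reports a fixed version is not evidence that it was never compromised.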

Exploit · Fix · RCE · Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

APACHEACTIVEMQ_CVE2023_46604
BDU:2023-07372
BIT-ACTIVEMQ-2023-46604
CVE-2023-46604
DLA-3657-1
DLA-3936-1
DSA-5798-1
GHSA-CRG9-44H2-XW35
USN-6910-1
USN-7268-1
ZDI-24-440

Affected Products

Apache ActiveMQ
Bamboo
Linux Mint
Ubuntu