PT-2025-15697 · Apache · Apache ActiveMQ Artemis

Rafael Yanez Illescas · Published 2025-04-09 · Updated 2026-06-15 · CVE-2025-27391

CVSS v4.0: 6.8 (Medium)

Vector: AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ Artemis versions 1.5.1 through 2.39.x
Description: The issue concerns the insertion of sensitive information into log files. When the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled, all values of the broker properties are logged, potentially exposing sensitive data. This can be mitigated by restricting log access to only trusted users.
Recommendations: For Apache ActiveMQ Artemis versions 1.5.1 through 2.39.x, upgrade to version 2.40.0, which fixes the issue. As a temporary workaround, consider restricting log access to only trusted users to minimize the risk of sensitive information exposure.
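
To check whether a broker is in the exposed state described above, the following added example (not part of the original advisory or of the Artemis project) resolves the effective level of the ConfigurationImpl logger from a Log4j 2 properties file. It assumes the broker's logging is configured in that format with plain `logger.<id>.name` / `logger.<id>.level` pairs and no `${...}` substitution; the function names and the sample configuration are constructed for illustration.

```python
import re

# Logger named in the advisory; DEBUG or a more verbose level triggers the property dump.
TARGET = "org.apache.activemq.artemis.core.config.impl.ConfigurationImpl"
VERBOSE = {"DEBUG", "TRACE", "ALL"}

def effective_level(properties_text, target=TARGET):
    """Return (level, source) that Log4j 2 would apply to `target`."""
    props = {}
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()

    # Root: "rootLogger.level = X" or shorthand "rootLogger = X, appender";
    # Log4j 2 falls back to ERROR when no root level is configured.
    root = props.get("rootLogger.level") or props.get("rootLogger", "ERROR").split(",")[0]
    best, best_len = (root.strip().upper(), "rootLogger"), -1

    # The most specific ancestor logger (longest dotted prefix) with a level wins.
    for key, name in props.items():
        m = re.fullmatch(r"logger\.([^.]+)\.name", key)
        level = props.get(f"logger.{m.group(1)}.level") if m else None
        if not level:
            continue
        if (target == name or target.startswith(name + ".")) and len(name) > best_len:
            best, best_len = (level.upper(), name), len(name)
    return best

def logs_broker_properties(properties_text):
    """True when the ConfigurationImpl logger is effectively at DEBUG or more verbose."""
    return effective_level(properties_text)[0] in VERBOSE

# Constructed sample configuration, not a file shipped with Artemis.
SAMPLE = """\
rootLogger.level = INFO
logger.activemq.name = org.apache.activemq
logger.activemq.level = INFO
logger.cfg.name = org.apache.activemq.artemis.core.config
logger.cfg.level = DEBUG
"""

if __name__ == "__main__":
    level, source = effective_level(SAMPLE)
    print(f"{TARGET}: {level} (from {source})")
    print("broker properties logged:", logs_broker_properties(SAMPLE))
```

A parent logger set to DEBUG is enough to enable the dump, which is why the check walks the logger hierarchy instead of matching only the exact logger name.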

Fix

Insertion into Log File


Weakness Enumeration

Related Identifiers

CVE-2025-27391
GHSA-PM4J-P7PM-FPVX

Affected Products

Apache ActiveMQ Artemis