CVE-2025-66168

EPSS 0.08%
Veröffentlicht 04.03.2026 08:45:00
Zuletzt bearbeitet 10.04.2026 11:16:21
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated

WARNING:

Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases.

See the  following for more details:
 https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt 
 https://www.cve.org/CVERecord?id=CVE-2026-40046 



Original Report:

Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. When this integer overflow occurs, ActiveMQ may incorrectly compute the total Remaining Length and subsequently misinterpret the payload as multiple MQTT control packets which makes the broker susceptible to unexpected behavior when interacting with non-compliant clients. This behavior violates the MQTT v3.1.1 specification, which restricts Remaining Length to a maximum of 4 bytes. The scenario occurs on established connections after the authentication process. Brokers that are not enabling mqtt transport connectors are not impacted.

This issue affects Apache ActiveMQ: before 5.19.2, 6.0.0 to 6.1.8, and 6.2.0

Users are recommended to upgrade to version 5.19.2, 6.1.9, or 6.2.1, which fixes the issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 3 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Activemq Version < 5.19.2

Apache ≫ Activemq Version >= 6.0.0 <= 6.1.8

Apache ≫ Activemq Version6.2.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.226

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security@apache.org	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://lists.apache.org/thread/13n8mkrb2jf2y6yyhpgrkmpqcm7djyto

Vendor Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2026/03/03/5

Third Party Advisory

Mailing List

https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt

https://www.cve.org/CVERecord?id=CVE-2026-40046

https://nvd.nist.gov/vuln/detail/CVE-2025-66168

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-66168

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-66168

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-66168