Forwarded from the National Information Security Information Sharing and Analysis Center (NISAC-200-202510-00000201)
[Description]
Researchers have discovered a Deserialization of Untrusted Data vulnerability (CVE-2025-54539) in the Apache ActiveMQ NMS AMQP client. An unauthenticated remote attacker who gets an affected client to connect to an untrusted AMQP server could send specially crafted serialized data back to the client, potentially allowing arbitrary code execution on the client. Please verify and patch as soon as possible.
[Affected Platforms]
Apache ActiveMQ NMS AMQP 2.3.0 and earlier
[Recommended Action]
Please update Apache ActiveMQ NMS AMQP to 2.4.0 or later.
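A check for the affected range, as an added example that is not part of the original advisory or the Apache project's code: it reads .csproj or packages.config content and classifies each reference to the client package against 2.4.0. The package id Apache.NMS.AMQP and the sample manifests are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

PACKAGE_ID = "Apache.NMS.AMQP"  # assumption: NuGet package id of the client
FIXED = (2, 4, 0)               # first fixed release named in the advisory

# Constructed sample manifests (not taken from any real project).
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk"><ItemGroup>
  <PackageReference Include="Apache.NMS.AMQP" Version="2.3.0" />
  <PackageReference Include="apache.nms.amqp"><Version>2.4.0</Version></PackageReference>
  <PackageReference Include="Apache.NMS.AMQP" Version="2.*" />
  <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
</ItemGroup></Project>"""
SAMPLE_PACKAGES_CONFIG = """<packages>
  <package id="Apache.NMS.AMQP" version="1.8.2" targetFramework="net472" />
</packages>"""

def classify(version):
    """Map a version string to 'affected', 'fixed' or 'unknown'."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)?(-[\w.]+)?", (version or "").strip())
    if not m:
        return "unknown"  # range, floating or centrally managed version
    parsed = tuple(int(g or 0) for g in m.groups()[:3])
    if parsed < FIXED:
        return "affected"
    # A pre-release of 2.4.0 sorts before 2.4.0 itself; do not assume it is fixed.
    return "unknown" if parsed == FIXED and m.group(4) else "fixed"

def local(tag):
    return tag.rsplit("}", 1)[-1]  # strip an XML namespace if present

def audit(xml_text):
    """Return [(version, status)] for every reference to PACKAGE_ID."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "PackageReference":
            name = el.get("Include") or el.get("Update")
            version = el.get("Version") or next(
                (c.text for c in el if local(c.tag) == "Version"), None)
        elif local(el.tag) == "package":
            name, version = el.get("id"), el.get("version")
        else:
            continue
        if name and name.lower() == PACKAGE_ID.lower():
            findings.append((version, classify(version)))
    return findings

if __name__ == "__main__":
    for sample in (SAMPLE_CSPROJ, SAMPLE_PACKAGES_CONFIG):
        for version, status in audit(sample):
            print(f"{PACKAGE_ID} {version}: {status}")
```

References reported as unknown (floating versions, ranges, versions set centrally) need to be resolved against the restored package set before the project is treated as patched.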
[References]
1. https://nvd.nist.gov/vuln/detail/CVE-2025-54539
2. https://lists.apache.org/thread/9k684j07ljrshy3hxwhj5m0xjmkz1g2n