【資安漏洞預警】Apache ActiveMQ NMS AMQP存在高風險安全漏洞(CVE-2025-54539)，請儘速確認並進行修補

【行政公告】

公告單位	圖資處數位服務組
訊息類別	行政公告行政公告	公告對象	全體
公告主題	【資安漏洞預警】Apache ActiveMQ NMS AMQP存在高風險安全漏洞(CVE-2025-54539)，請儘速確認並進行修補 [Security Vulnerability Alert] Apache ActiveMQ NMS AMQP has a high-risk security vulnerability (CVE-2025-54539). Please confirm and patch it as soon as possible.
公告內容	轉發國家資安資訊分享與分析中心 NISAC-200-202510-00000201 [內容說明] 研究人員發現Apache ActiveMQ NMS AMQP用戶端存在反序列化不受信任資料(Deserialization of Untrusted Data)漏洞(CVE-2025-54539)。未經身分鑑別之遠端攻擊者可在受影響用戶端與不受信任之AMQP伺服器建立連線時，回傳特製序列化資料即可於用戶端執行任意程式碼，請儘速確認並進行修補。 [影響平台] Apache ActiveMQ NMS AMQP 2.3.0(含)以前版本 [建議措施] 請更新Apache ActiveMQ NMS AMQP至2.4.0(含)以後版本 [參考資料] 1. https://nvd.nist.gov/vuln/detail/CVE-2025-54539 2. https://lists.apache.org/thread/9k684j07ljrshy3hxwhj5m0xjmkz1g2n Forwarded from the National Information Security Information Sharing and Analysis Center (NISAC-200-202510-00000201) [Description] Researchers have discovered a Deserialization of Untrusted Data vulnerability (CVE-2025-54539) in the Apache ActiveMQ NMS AMQP client. An unauthenticated remote attacker could establish a connection between an affected client and an untrusted AMQP server and send specially crafted serialized data back, potentially allowing arbitrary code execution on the client. Please verify and patch as soon as possible. [Affected Platforms] Apache ActiveMQ NMS AMQP 2.3.0 and earlier [Recommended Action] Please update Apache ActiveMQ NMS AMQP to 2.4.0 and later. [References] 1. https://nvd.nist.gov/vuln/detail/CVE-2025-54539 2. https://lists.apache.org/thread/9k684j07ljrshy3hxwhj5m0xjmkz1g2n
相關訊息	參考資料1 參考資料2
公告時間	2025/10/23 至 2026/4/23	點閱次數	216