Critical RCE Vulnerability in Apache ActiveMQ Exploited by Attackers
TL;DR
Critical Vulnerabilities in Apache ActiveMQ
Remote Code Execution Flaw in .NET Client Library
A critical security flaw (CVE-2025-54539) in Apache ActiveMQ's .NET client library (NMS AMQP Client) puts developers at risk of remote code execution. The vulnerability exists in the Apache ActiveMQ NMS AMQP Client and can be triggered when the client connects to a malicious AMQP server. Attackers can exploit this flaw to run arbitrary code on client machines, potentially leading to full system compromise.
Deserialization Vulnerability Details
The vulnerability arises from insecure deserialization logic in the NMS AMQP client library. When a client connects to a server, it processes incoming serialized objects without sufficient validation. Although version 2.1.0 of the client introduced allow/deny lists to limit types that could be deserialized, researchers discovered ways to bypass these restrictions under specific conditions. Any application using the NMS AMQP client up to and including version 2.3.0 remains vulnerable. Successful exploitation of CVE-2025-54539 allows remote attackers to execute arbitrary code on the client side, potentially leading to data theft, system takeover, or the deployment of additional malware. The severity of this flaw is rated as Important by the Apache project, reflecting the high potential impact on confidentiality, integrity, and availability.
Mitigation Steps
Developers and administrators should upgrade immediately to version 2.4.0 or later of the Apache ActiveMQ NMS AMQP Client, where this flaw has been fixed. Long-term mitigation also involves moving away from .NET binary serialization entirely, as Microsoft plans to deprecate this feature in .NET 9. Projects should adopt safer serialization frameworks like JSON or Protocol Buffers and enforce strict type checks. Security teams are encouraged to review their message broker configurations and ensure that clients only connect to trusted AMQP servers. Network-level controls, such as firewall rules or VPN tunnels, can further reduce exposure by restricting access to legitimate broker endpoints.
CVE-2023-46604: Critical RCE Threat in Apache ActiveMQ
CVE-2023-46604 is a major remote code execution (RCE) vulnerability in Apache ActiveMQ, a Java-based message broker. This flaw allows attackers to gain control of unpatched systems, establish persistence, install malware, and evade detection. Attackers are covering their tracks using "self-patching" techniques, making it incredibly hard to spot once a system is compromised. This vulnerability could affect entire environments, from cloud setups to containerized workflows. Standard defense strategies relying on SSH hardening, VPNs, or firewalls may not provide adequate protection.
Exploitation and Impact
Attackers exploit the RCE to drop malware and gain administrative control over the server. Once in, they replace the vulnerable ActiveMQ JAR files with legitimate ones, creating a false sense of security. Due to poorly secured ActiveMQ deployments, attackers can execute arbitrary code remotely. They deploy advanced implants, like the Sliver toolkit, to gain long-term control, modify core configuration files like sshd_config
to enable root account logins. The DripDropper malware, an encrypted downloader, retrieves commands and additional payloads from attacker-controlled Dropbox accounts.
The impact of exploitation is severe:
- Data Exfiltration: Sensitive data or API keys can be siphoned away in minutes.
- Ransomware or Cryptojacking: Attackers can quickly pivot to deploying ransomware or cryptomining malware.
- Persistent Backdoors: SSH configurations are modified, and cron jobs get hijacked, ensuring uninterrupted access.
- Lateral Movement: Attackers can pivot within the network to find additional high-value targets.
Mitigation Strategies
To secure Linux systems against CVE-2023-46604, immediate mitigation steps and long-term best practices are crucial.
- Patch Immediately and Validate Post-Patch: Install the fixes for CVE-2023-46604 and review ActiveMQ logs and configuration files for any signs of prior compromise.
- Disable Root Logins: Lock down SSH configuration. Disable root logins entirely and enforce SSH key-based authentication for all administrative access. Tools like Ansible can automate these configurations.
- Audit Cron Jobs and User Accounts: Check for unauthorized entries or modifications to
/etc/cron.*
and/etc/passwd
. - Restrict Network Access: Use firewalls to restrict access to trusted IP ranges or implement VPN-based access controls.
- Monitor Suspicious Traffic Patterns: Enable detailed logging for processes and network communications. Look for unusual SSH activity, files matching DripDropper’s signature, or outbound connections to Dropbox and similar services.
CVE-2023-46604 Exploitation Details
CVE-2023-46604 is a high-severity remote code execution (RCE) vulnerability in Apache ActiveMQ, rated CVSS 9.8. It leverages deserialization of untrusted data [CWE-502] in the OpenWire protocol. The Apache ActiveMQ message broker can be exploited remotely [T1210] for execution of arbitrary shell commands at the privilege level of the ActiveMQ process [T1068]. CISA added CVE-2023-46604 to its actively exploited catalog on November 2nd. Attacks leveraging CVE-2023-46604 have included ransomware deployment consistent with the HelloKitty and TellYouThePass ransomware variants and Kinsing cryptomining malware.
Technical Analysis
The Apache ActiveMQ broker service uses the OpenWire protocol for communication on port 61616 by default. The exploit occurs by manipulating serialized class types to cause the broker to instantiate any class on the classpath. Serialization is the process of converting data objects into an encoded format for transmission. Deserialization is the reverse process whereby the serialized data is reconstructed. ActiveMQ is built on the Spring Java Framework. CVE-2023-46604 is exploited by specifying the ClassPathXmlApplicationContext
class for the type of data to be unmarshalled. The ClassPathXmlApplicationContext
class will fetch a remote XML file, allowing the attacker to specify their own malicious XML hosted anywhere on the Internet to be imported. The malicious XML file can include system commands to be called via the java.lang.ProcessBuilder.start
function.
Remediation
Several versions of Apache ActiveMQ, ActiveMQ Artemis, and Apache ActiveMQ Legacy OpenWire Module are affected. Users are strongly urged to upgrade affected brokers and clients to fixed versions 5.15.16, 5.16.7, 5.17.6, 5.18.3, or later. Patched versions were released in late October 2023, and ActiveMQ version 6.0.0 was released on November 17th. Although there is no alternative workaround for preventing exploitation of CVE-2023-46604 available for ActiveMQ itself, firewall rules may be used to whitelist trusted brokers and clients to prevent access by untrusted IP addresses.
ActiveMQ CVE-2023-46604 Update
CVE-2023-46604 impacts both ActiveMQ Classic and ActiveMQ Artemis brokers and Java-based OpenWire clients. Users of both ActiveMQ Classic and ActiveMQ Artemis brokers are recommended to upgrade. Users of any Java-based OpenWire client (e.g., Maven dependency on activemq-client
) are recommended to upgrade regardless of which broker you’re using. New releases for all current branches were made available on the day the CVE was announced.
Affected Versions
ActiveMQ Classic:
ActiveMQ Artemis:
Vulnerability Details
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath.
Three things are required to exploit this vulnerability:
- Network access
- A manipulated OpenWire command (used to instantiate an arbitrary class on the classpath with a
String
parameter) - A class on the classpath which can execute arbitrary code simply by instantiating it with a
String
parameter
The manipulated command can be sent by a client to a broker or from a broker to a client, so both are vulnerable.
ActiveMQ Classic and Artemis Specifics
The ActiveMQ Classic broker ships with a handful of Spring dependencies including org.springframework.context.support.ClassPathXmlApplicationContext
, which is used to run Spring applications. This class has a constructor which takes a String
that can be an HTTP URL pointing to an XML application configuration file across the network. The only known exploit of this vulnerability uses this ClassPathXmlApplicationContext
to load a malicious XML application configuration file from somewhere on the network via HTTP. This malicious XML specifically defines the arbitrary code to be run on the machine with the vulnerability (i.e., broker or client). ActiveMQ Artemis supports the OpenWire protocol and therefore has dependencies from ActiveMQ Classic for this support, including the vulnerable code. However, Artemis doesn’t ship Spring, so there is currently no known exploit. Regardless, upgrading is still recommended.