CVE-2025-27391

Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled. This issue affects Apache ActiveMQ Artemis: from 1.5.1 before 2.40.0. It can be mitigated by restricting log access to only trusted users. Users are recommended to upgrade to version 2.40.0, which fixes the issue.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://lists.apache.org/thread/25p96cvzl1mkt29lwm2d8knklkoqolps	Mailing List Vendor Advisory Issue Tracking
http://www.openwall.com/lists/oss-security/2025/04/09/3	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:activemq_artemis:*:*:*:*:*:*:*:*

History

14 Jul 2025, 12:12

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
CPE		cpe:2.3:a:apache:activemq_artemis::::::::
First Time		Apache activemq Artemis Apache
Summary		(es) Vulnerabilidad de inserción de información confidencial en el archivo de registro en Apache ActiveMQ Artemis. Todos los valores de las propiedades del agente se registran cuando el registrador org.apache.activemq.artemis.core.config.impl.ConfigurationImpl tiene habilitado el nivel de depuración. Este problema afecta a Apache ActiveMQ Artemis desde la versión 1.5.1 hasta la 2.40.0. Se puede mitigar restringiendo el acceso al registro solo a usuarios de confianza. Se recomienda actualizar a la versión 2.40.0, que soluciona el problema.
References	~~() https://lists.apache.org/thread/25p96cvzl1mkt29lwm2d8knklkoqolps -~~	() https://lists.apache.org/thread/25p96cvzl1mkt29lwm2d8knklkoqolps - Mailing List, Vendor Advisory, Issue Tracking
References	~~() http://www.openwall.com/lists/oss-security/2025/04/09/3 -~~	() http://www.openwall.com/lists/oss-security/2025/04/09/3 - Mailing List, Third Party Advisory

09 Apr 2025, 17:15

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2025/04/09/3 -

09 Apr 2025, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-09 15:16

Updated : 2025-07-14 12:12

NVD link : CVE-2025-27391

Mitre link : CVE-2025-27391

CVE.ORG link : CVE-2025-27391

JSON object : View

Products Affected

apache

activemq_artemis

CWE

CWE-532

Insertion of Sensitive Information into Log File

6.5 /10