CVE-2023-46604
Published Oct 27, 2023
Last updated 6 days ago
AI description
CVE-2023-46604 is a remote code execution (RCE) vulnerability that affects Apache ActiveMQ. It stems from the Java OpenWire protocol marshaller. A remote attacker with network access to a Java-based OpenWire broker or client can exploit this vulnerability. By manipulating serialized class types in the OpenWire protocol, the attacker can cause the broker or client to instantiate any class on the classpath, potentially leading to the execution of arbitrary shell commands. It is recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 to address this issue.
- Description
- The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
- Source
- security@apache.org
- NVD status
- Analyzed
- Products
- activemq, activemq_legacy_openwire_module, debian_linux, e-series_santricity_unified_manager, e-series_santricity_web_services_proxy, santricity_storage_plugin
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Apache ActiveMQ Deserialization of Untrusted Data Vulnerability
- Exploit added on
- Nov 2, 2023
- Exploit action due
- Nov 23, 2023
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- security@apache.org
- CWE-502
- Hype score
- Not currently trending
⚠️ Weekly vuln radar. https://t.co/Cd6L8ACyLV – spot what’s trending before it’s everywhere: CVE-2025-53770 CVE-2025-43300 CVE-2025-5777 CVE-2024-21887 CVE-2023-46604 (@ThreatBookLabs) CVE-2025-7776 CVE-2025-54309 CVE-2025-7775 CVE-2025-53771 https://t.co/q4Rx5wWFSt
@ptdbugs
29 Aug 2025
286 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Threat actors exploit CVE-2023-46604 in Apache ActiveMQ to deploy DripDropper malware on cloud Linux systems. They patch the flaw post-compromise to block others, using PyInstaller-based DripDropper for persistence via SSH & cron jobs. Attackers leverage Dropbox and Cloudflar
@bigmacd16684
21 Aug 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems Attackers exploit CVE-2023-46604 in Apache ActiveMQ, deploy DripDr... #news https://t.co/1IXHfFzUxP
@earthnewstech
21 Aug 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hacker “Patches” Own Vulnerability to Lock Out Rivals https://t.co/tWpqjdsxb1 #ApacheActivemq #cve-2023-46604 #CybercrimeTactics
@wizconsults
20 Aug 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 サイバー犯罪者が驚愕の新戦術を開発! Apache ActiveMQの脆弱性(CVE-2023-46604、CVSS最高スコア10.0)を悪用した後、なんと攻撃者自身がそのセキュリティホールにパッチを適用する「DripDropper」マルウェアが発
@TechTrendsJP
20 Aug 2025
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-46604 raises an interesting point: could having multiple cybersecurity tools actually enhance your defence by creating layers of protection? Is too much focus on streamlining putting you at greater risk? #infosec #cyberrisk #security https://t.co/hCMBJvaKxf
@labrat_io
20 Aug 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Threat actors are exploiting CVE-2023-46604 in Apache ActiveMQ (CVSS 10.0) to deploy DripDropper malware on cloud Linux systems. They modify SSH configs, use Dropbox for C2, and patch the flaw post-exploit to block rivals and evade detection. Patch immediately. #CyberSecurity
@CloneSystemsInc
20 Aug 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
👾 Hackers are massively used Apache ActiveMQ (Cve-2023-46604) and Pour Dripdroperr. It is encrypted, hiding behind Dropbox, climbs in Cron and changes ssh. The most interesting - After breaking, put an official patch to close the hole from others. The server looks clean but ht
@Hack_Your_Mom
20 Aug 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers are abusing a 2-year-old #ActiveMQ bug (CVE-2023-46604) to drop #DripDropper #malware on cloud Linux servers. ➡️Malware hides via Dropbox C2 ➡️ Creates persistence & SSH backdoors ➡️ Then patches the flaw itself to evade scans Stay patched. Stay alert.
@SecurEpitome
20 Aug 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical RCE flaw in Apache ActiveMQ (CVE-2023-46604) is exploited to deploy DripDropper, HelloKitty ransomware, rootkits, and GoTitan botnet on cloud Linux systems. Attackers patch the flaw post-access. #ApacheActiveMQ #LinuxThreat https://t.co/P97W3vEMJQ
@TweetThreatNews
19 Aug 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
JUST IN: Red Canary Intel detected an adversary exploiting CVE-2023-46604 in Apache ActiveMQ to gain persistent access on cloud Linux systems, patching the exploited vulnerability after securing initial access to secure their foothold and evade detection. 🌩️ 💧 Read our b
@redcanary
19 Aug 2025
16031 Impressions
16 Retweets
49 Likes
23 Bookmarks
0 Replies
2 Quotes
#DripDropper #Linux #Malware Red Canary entdeckte eine Kampagne, bei der Cyberkriminelle mit der DripDropper Linux Malware die Apache ActiveMQ-Schwachstelle CVE-2023-46604 ausnutzten, um sich dauerhaften Zugriff auf Cloud-Linux-Systeme zu verschaffen. https://t.co/k7hIueAzYe
@JjungSscg
19 Aug 2025
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
JUST IN: Red Canary Intel detected an adversary exploiting CVE-2023-46604 in Apache ActiveMQ to gain persistent access on cloud Linux systems, patching the exploited vulnerability after securing initial access to secure their foothold and evade detection. 🌩️ 💧 Read our
@redcanary
19 Aug 2025
15 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
HTB "Broker" ActiveMQ v5.15.16以下の脆弱性(CVE-2023-46604) nginxの脆弱性を利用した権限昇格(権限昇格しなくても公開されているエクスプロイトを利用するとroot.txtはダウンロードできる)
@okuyama01891940
13 Jul 2025
264 Impressions
0 Retweets
7 Likes
1 Bookmark
0 Replies
0 Quotes
#opendir hosting exploit for Apache #ActiveMQ #CVE-2023-46604 172.104.160.236:8001 🇸🇬 Zip of files: https://t.co/pdeezArSf1 https://t.co/3ZxSyqfMEJ
@sicehice
29 Dec 2024
1521 Impressions
6 Retweets
28 Likes
6 Bookmarks
0 Replies
0 Quotes
Apache ActiveMQ の脆弱性 CVE-2023-46604:Mauri ランサムウェアが悪用 https://t.co/mb9Ub6N2xk Apache ActiveMQ の脆弱性 CVE-2023-46604 ですが、すでに Mauri… https://t.co/6sk4RgFqSe
@iototsecnews
16 Dec 2024
65 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#DOYOUKNOWCVE Mauri Ransomware Threat Actors Exploiting Apache ActiveMQ! CVE-2023-46604 is a critical vulnerability affecting the Java OpenWire protocol used by Apache ActiveMQ. This flaw enables remote attackers with network access to execute arbitrary shell commands by… https
@Loginsoft_Inc
12 Dec 2024
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#threatreport #MediumCompleteness Mauri Ransomware Threat Actors Exploiting Apache ActiveMQ Vulnerability (CVE-2023-46604) | 09-12-2024 Source: https://t.co/a2Px0dwVEV Key details below ↓ 🧑💻Actors/Campaigns: Andariel 💀Threats: Mauricrypt, Coinminer, Cobalt_strike, Hellokitt
@rst_cloud
11 Dec 2024
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mauri Ransomware exploits Apache ActiveMQ flaw in its attack #MauriRansomware #ApacheActiveMQ #CVE-2023-46604 https://t.co/24fA5b6Eg6
@pravin_karthik
11 Dec 2024
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CUIDADO: Vulneraabilidad en Apache ActiveMQ (CVE-2023-46604) está siendo explotada por Mauri Ransomware
@fcabrera222
10 Dec 2024
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Alert: Apache ActiveMQ Vulnerability (CVE-2023-46604) 🛑 Vulnerability Details: Exploitable via OpenWire protocol by manipulating serialized class types. Allows remote code execution & arbitrary command execution. Actively exploited by groups like Andariel,… http
@GHak2learn27752
10 Dec 2024
113 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
#ThreatProtection Beware: Apache ActiveMQ vulnerability (CVE-2023-46604) is reportedly being exploited by Mauri Ransomware. Read more about Symantec's protections: https://t.co/k7DilluMpA
@threatintel
10 Dec 2024
984 Impressions
2 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2023-46604: Mauri Ransomware Exploits Apache ActiveMQ Flaw ⚠️This vulnerability allows attackers to execute malicious commands remotely on unpatched servers, potentially leading to data breaches, system compromises, or ransomware deployments. ZoomEye Dork👉app:"Apache… h
@zoomeye_team
9 Dec 2024
495 Impressions
2 Retweets
4 Likes
2 Bookmarks
0 Replies
0 Quotes
Mauri Ransomware Exploits Apache ActiveMQ Flaw (CVE-2023-46604) https://t.co/Ig7V5QVghb The AhnLab Security Intelligence Response Center (ASEC) has revealed that threat actors exploiting a critical vulnerability in Apache ActiveMQ, identified as CVE-2023-46604, have begun depl…
@f1tym1
9 Dec 2024
41 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🗣 Mauri Ransomware Exploits Apache ActiveMQ Flaw (CVE-2023-46604) https://t.co/QGziNVp5NT
@fridaysecurity
9 Dec 2024
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mauri Ransomware Exploits Apache ActiveMQ Flaw (CVE-2023-46604) Stay informed about the latest cyber threat: Mauri ransomware exploiting a critical vulnerability (CVE-2023-46604) in #Apache #ActiveMQ https://t.co/AwojUhUg5f
@the_yellow_fall
9 Dec 2024
94 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Mauri Ransomware Group Targeting Apache ActiveMQ Vulnerability (CVE-2023-46604) https://t.co/lhl7NkPpdE
@iProtectCSS
8 Dec 2024
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ongoing attacks exploit CVE-2023-46604 in Apache ActiveMQ to install CoinMiners & Mauri ransomware on unpatched systems. Tools like Ladon & z0Miner are used. Timely updates are crucial! 🔒💻 #CVE202346604 #RansomwareThreat #ActiveMQ #ThreatResearch link: https://t.co/gDg
@TweetThreatNews
8 Dec 2024
10 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔒 Ataques detectados contra Apache ActiveMQ utilizando CVE-2023-46604 para distribuir ransomware Mauri 🚨 El Centro de Respuesta de Emergencia de Seguridad de AhnLab (ASEC) ha identificado ataques que explotan la vulnerabilidad CVE-2023-46604 en Apache ActiveMQ. Esta… https://t
@MDmanfredi
3 Dec 2024
111 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28B695E3-E637-44DC-BF2C-A24943EADBA1",
"versionEndExcluding": "5.15.16"
},
{
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D8A5C039-10BA-4D0E-A243-6B313721C7FF",
"versionEndExcluding": "5.16.7",
"versionStartIncluding": "5.16.0"
},
{
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5C8395C4-40D7-4BD3-970B-3F0E32BCB771",
"versionEndExcluding": "5.17.6",
"versionStartIncluding": "5.17.0"
},
{
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CDA18155-D2AD-459A-94C7-136F981FD252",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.18.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2D92110D-B913-4431-B7EB-0C949544E7B8",
"versionEndExcluding": "5.15.16"
},
{
"criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8476D8D6-8394-4CD0-9E8C-41DCD96983BE",
"versionEndExcluding": "5.16.7",
"versionStartIncluding": "5.16.0"
},
{
"criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "050649B9-4196-4BA1-9323-6B49E45B2E98",
"versionEndExcluding": "5.17.6",
"versionStartIncluding": "5.17.0"
},
{
"criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CE9AE45E-8CDE-4083-A996-D0E90EA0A792",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.18.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BB695329-036B-447D-BEB0-AA4D89D1D99C"
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41"
},
{
"criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
"vulnerable": true,
"matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC"
}
],
"operator": "OR"
}
]
}
]