CVE-2023-46604

Published Oct 27, 2023

Last updated 6 months ago

Exploit knownCVSS critical 10.0
Apache ActiveMQ

Overview

AI description

Automated description summarized from trusted sources.

CVE-2023-46604 is a remote code execution (RCE) vulnerability that affects Apache ActiveMQ. It stems from the Java OpenWire protocol marshaller. A remote attacker with network access to a Java-based OpenWire broker or client can exploit this vulnerability. By manipulating serialized class types in the OpenWire protocol, the attacker can cause the broker or client to instantiate any class on the classpath, potentially leading to the execution of arbitrary shell commands. It is recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 to address this issue.

Description
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
Source
security@apache.org
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Apache ActiveMQ Deserialization of Untrusted Data Vulnerability
Exploit added on
Nov 2, 2023
Exploit action due
Nov 23, 2023
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

security@apache.org
CWE-502

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

28

  1. Hacker “Patches” Own Vulnerability to Lock Out Rivals https://t.co/tWpqjdsxb1 #ApacheActivemq #cve-2023-46604 #CybercrimeTactics

    @wizconsults

    20 Aug 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 サイバー犯罪者が驚愕の新戦術を開発! Apache ActiveMQの脆弱性(CVE-2023-46604、CVSS最高スコア10.0)を悪用した後、なんと攻撃者自身がそのセキュリティホールにパッチを適用する「DripDropper」マルウェアが発

    @TechTrendsJP

    20 Aug 2025

    74 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2023-46604 raises an interesting point: could having multiple cybersecurity tools actually enhance your defence by creating layers of protection? Is too much focus on streamlining putting you at greater risk? #infosec #cyberrisk #security https://t.co/hCMBJvaKxf

    @labrat_io

    20 Aug 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Threat actors are exploiting CVE-2023-46604 in Apache ActiveMQ (CVSS 10.0) to deploy DripDropper malware on cloud Linux systems. They modify SSH configs, use Dropbox for C2, and patch the flaw post-exploit to block rivals and evade detection. Patch immediately. #CyberSecurity

    @CloneSystemsInc

    20 Aug 2025

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 👾 Hackers are massively used Apache ActiveMQ (Cve-2023-46604) and Pour Dripdroperr. It is encrypted, hiding behind Dropbox, climbs in Cron and changes ssh. The most interesting - After breaking, put an official patch to close the hole from others. The server looks clean but ht

    @Hack_Your_Mom

    20 Aug 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Hackers are abusing a 2-year-old #ActiveMQ bug (CVE-2023-46604) to drop #DripDropper #malware on cloud Linux servers. ➡️Malware hides via Dropbox C2 ➡️ Creates persistence & SSH backdoors ➡️ Then patches the flaw itself to evade scans Stay patched. Stay alert.

    @SecurEpitome

    20 Aug 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. A critical RCE flaw in Apache ActiveMQ (CVE-2023-46604) is exploited to deploy DripDropper, HelloKitty ransomware, rootkits, and GoTitan botnet on cloud Linux systems. Attackers patch the flaw post-access. #ApacheActiveMQ #LinuxThreat https://t.co/P97W3vEMJQ

    @TweetThreatNews

    19 Aug 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. JUST IN: Red Canary Intel detected an adversary exploiting CVE-2023-46604 in Apache ActiveMQ to gain persistent access on cloud Linux systems, patching the exploited vulnerability after securing initial access to secure their foothold and evade detection. 🌩️ 💧 Read our b

    @redcanary

    19 Aug 2025

    16031 Impressions

    16 Retweets

    49 Likes

    23 Bookmarks

    0 Replies

    2 Quotes

  9. #DripDropper #Linux #Malware Red Canary entdeckte eine Kampagne, bei der Cyberkriminelle mit der DripDropper Linux Malware die Apache ActiveMQ-Schwachstelle CVE-2023-46604 ausnutzten, um sich dauerhaften Zugriff auf Cloud-Linux-Systeme zu verschaffen. https://t.co/k7hIueAzYe

    @JjungSscg

    19 Aug 2025

    42 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  10. JUST IN: Red Canary Intel detected an adversary exploiting CVE-2023-46604 in Apache ActiveMQ to gain persistent access on cloud Linux systems, patching the exploited vulnerability after securing initial access to secure their foothold and evade detection. 🌩️ 💧 Read our

    @redcanary

    19 Aug 2025

    15 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. HTB "Broker" ActiveMQ v5.15.16以下の脆弱性(CVE-2023-46604) nginxの脆弱性を利用した権限昇格(権限昇格しなくても公開されているエクスプロイトを利用するとroot.txtはダウンロードできる)

    @okuyama01891940

    13 Jul 2025

    264 Impressions

    0 Retweets

    7 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  12. #opendir hosting exploit for Apache #ActiveMQ #CVE-2023-46604 172.104.160.236:8001 🇸🇬 Zip of files: https://t.co/pdeezArSf1 https://t.co/3ZxSyqfMEJ

    @sicehice

    29 Dec 2024

    1521 Impressions

    6 Retweets

    28 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  13. Apache ActiveMQ の脆弱性 CVE-2023-46604:Mauri ランサムウェアが悪用 https://t.co/mb9Ub6N2xk Apache ActiveMQ の脆弱性 CVE-2023-46604 ですが、すでに Mauri… https://t.co/6sk4RgFqSe

    @iototsecnews

    16 Dec 2024

    65 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. #DOYOUKNOWCVE Mauri Ransomware Threat Actors Exploiting Apache ActiveMQ! CVE-2023-46604 is a critical vulnerability affecting the Java OpenWire protocol used by Apache ActiveMQ. This flaw enables remote attackers with network access to execute arbitrary shell commands by… https

    @Loginsoft_Inc

    12 Dec 2024

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. #threatreport #MediumCompleteness Mauri Ransomware Threat Actors Exploiting Apache ActiveMQ Vulnerability (CVE-2023-46604) | 09-12-2024 Source: https://t.co/a2Px0dwVEV Key details below ↓ 🧑‍💻Actors/Campaigns: Andariel 💀Threats: Mauricrypt, Coinminer, Cobalt_strike, Hellokitt

    @rst_cloud

    11 Dec 2024

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Mauri Ransomware exploits Apache ActiveMQ flaw in its attack #MauriRansomware #ApacheActiveMQ #CVE-2023-46604 https://t.co/24fA5b6Eg6

    @pravin_karthik

    11 Dec 2024

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. CUIDADO: Vulneraabilidad en Apache ActiveMQ (CVE-2023-46604) está siendo explotada por Mauri Ransomware

    @fcabrera222

    10 Dec 2024

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🚨 Critical Alert: Apache ActiveMQ Vulnerability (CVE-2023-46604) 🛑 Vulnerability Details: Exploitable via OpenWire protocol by manipulating serialized class types. Allows remote code execution & arbitrary command execution. Actively exploited by groups like Andariel,… http

    @GHak2learn27752

    10 Dec 2024

    113 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. #ThreatProtection Beware: Apache ActiveMQ vulnerability (CVE-2023-46604) is reportedly being exploited by Mauri Ransomware. Read more about Symantec's protections: https://t.co/k7DilluMpA

    @threatintel

    10 Dec 2024

    984 Impressions

    2 Retweets

    2 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  20. 🚨🚨CVE-2023-46604: Mauri Ransomware Exploits Apache ActiveMQ Flaw ⚠️This vulnerability allows attackers to execute malicious commands remotely on unpatched servers, potentially leading to data breaches, system compromises, or ransomware deployments. ZoomEye Dork👉app:"Apache… h

    @zoomeye_team

    9 Dec 2024

    495 Impressions

    2 Retweets

    4 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  21. Mauri Ransomware Exploits Apache ActiveMQ Flaw (CVE-2023-46604) https://t.co/Ig7V5QVghb The AhnLab Security Intelligence Response Center (ASEC) has revealed that threat actors exploiting a critical vulnerability in Apache ActiveMQ, identified as CVE-2023-46604, have begun depl…

    @f1tym1

    9 Dec 2024

    41 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🗣 Mauri Ransomware Exploits Apache ActiveMQ Flaw (CVE-2023-46604) https://t.co/QGziNVp5NT

    @fridaysecurity

    9 Dec 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Mauri Ransomware Exploits Apache ActiveMQ Flaw (CVE-2023-46604) Stay informed about the latest cyber threat: Mauri ransomware exploiting a critical vulnerability (CVE-2023-46604) in #Apache #ActiveMQ https://t.co/AwojUhUg5f

    @the_yellow_fall

    9 Dec 2024

    94 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Mauri Ransomware Group Targeting Apache ActiveMQ Vulnerability (CVE-2023-46604) https://t.co/lhl7NkPpdE

    @iProtectCSS

    8 Dec 2024

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Ongoing attacks exploit CVE-2023-46604 in Apache ActiveMQ to install CoinMiners & Mauri ransomware on unpatched systems. Tools like Ladon & z0Miner are used. Timely updates are crucial! 🔒💻 #CVE202346604 #RansomwareThreat #ActiveMQ #ThreatResearch link: https://t.co/gDg

    @TweetThreatNews

    8 Dec 2024

    10 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  26. 🔒 Ataques detectados contra Apache ActiveMQ utilizando CVE-2023-46604 para distribuir ransomware Mauri 🚨 El Centro de Respuesta de Emergencia de Seguridad de AhnLab (ASEC) ha identificado ataques que explotan la vulnerabilidad CVE-2023-46604 en Apache ActiveMQ. Esta… https://t

    @MDmanfredi

    3 Dec 2024

    111 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.