- Description
- Apache ActiveMQ does not properly validate the Remaining Length field, which may lead to an integer overflow during the decoding of malformed packets. When this overflow occurs, ActiveMQ may incorrectly compute the total Remaining Length and subsequently misinterpret the payload as multiple MQTT control packets, which makes the broker susceptible to unexpected behavior when interacting with non-compliant clients. This behavior violates the MQTT v3.1.1 specification, which restricts Remaining Length to a maximum of 4 bytes. The scenario occurs on established connections after the authentication process. Brokers that do not enable MQTT transport connectors are not impacted. This issue affects Apache ActiveMQ: before 5.19.2, 6.0.0 to 6.1.8, and 6.2.0. Users are recommended to upgrade to version 5.19.2, 6.1.9, or 6.2.1, which fixes the issue.
- Source
- security@apache.org
- NVD status
- Analyzed
- Products
- activemq
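The MQTT v3.1.1 rule the description refers to, written out as a strict decoder. This is an added example and not ActiveMQ code; all names and the sample bytes are constructed for illustration. It stops at the fourth length byte and reports a short buffer separately from a malformed one, so bytes after a bad length field are never re-parsed as further packets.

```python
"""Strict MQTT v3.1.1 Remaining Length decoding (illustrative, not ActiveMQ code)."""

MAX_LEN_BYTES = 4  # the specification allows at most 4 length bytes


class MalformedPacket(ValueError):
    """The length field breaks the spec; the connection should be closed."""


class Incomplete(Exception):
    """The buffer ends before the packet does; wait for more bytes."""


def decode_remaining_length(buf, offset=1):
    """Decode the variable-length field at buf[offset:]; return (value, bytes_used)."""
    value = 0
    for i in range(MAX_LEN_BYTES):
        if offset + i >= len(buf):
            raise Incomplete()
        byte = buf[offset + i]
        value |= (byte & 0x7F) << (7 * i)  # 7 data bits per byte, low group first
        if not byte & 0x80:                # continuation bit clear: last byte
            return value, i + 1
    # A fifth byte would need bits 28-34, which no longer fit a 32-bit integer.
    raise MalformedPacket("Remaining Length uses more than 4 bytes")


def split_frames(stream):
    """Split a byte stream into (packet_type, body) tuples with strict lengths."""
    frames, pos = [], 0
    while pos < len(stream):
        length, used = decode_remaining_length(stream, pos + 1)
        start = pos + 1 + used
        end = start + length
        if end > len(stream):
            raise Incomplete()             # never treat a short body as complete
        frames.append((stream[pos] >> 4, stream[start:end]))
        pos = end
    return frames


# Constructed sample: PINGREQ, then PUBLISH (QoS 0) to topic "a/b" with payload "hi".
SAMPLE = b"\xC0\x00" + b"\x30\x07\x00\x03a/bhi"

if __name__ == "__main__":
    print(split_frames(SAMPLE))
```
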
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@apache.org
- CWE-190
- Hype score
- Not currently trending
Apache ActiveMQ MQTT module vulnerability CVE-2025-66168: integer overflow and DoS attacks https://t.co/a6ecg5Qc3Q The vulnerability CVE-2025-66168, in Apache ActiveMQ's MQTT
@iototsecnews
12 Mar 2026
114 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability in Apache products ❗ CVE-2025-66168 ➡️ More info: https://t.co/zHc2oSjWkK https://t.co/plKmUBdw1U
@CERTpy
10 Mar 2026
151 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ 𝗔𝗽𝗮𝗰𝗵𝗲 𝗔𝗰𝘁𝗶𝘃𝗲𝗠𝗤 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝗖𝗮𝗻 𝗞𝗻𝗼𝗰𝗸 𝗬𝗼𝘂𝗿 𝗦𝘆𝘀𝘁𝗲𝗺𝘀 𝗢𝗳𝗳𝗹𝗶𝗻𝗲 If your business runs Apache ActiveMQ - and a lot of
@CinchOpsIT
9 Mar 2026
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-27446: Apache Artemis, Apache ActiveMQ Artemis: Auth bypass for Core downstream federation https://t.co/iK8uP4HGNo CVE-2025-66168: Apache ActiveMQ, All Module, MQTT Module: MQTT control packet remaining length field is not properly validated https://t.co/M6i2iFBNc3
@oss_security
8 Mar 2026
392 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Alert: Apache ActiveMQ vulnerability (CVE-2025-66168) allows DoS attacks via malformed packets. Upgrade to patched versions or disable MQTT transport connector. Link: https://t.co/68IKivMUXt #Security #Vulnerability #Apache #ActiveMQ #Patch #MQTT #Network #Attack #CVE #Malware ht
@dailytechonx
7 Mar 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
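A vulnerability has been found in the message broker Apache ActiveMQ that lets crafted MQTT packets cause a service outage. When an authenticated attacker sends malformed packets, message processing is thrown into confusion and there is a possibility that communication is disrupted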
@yousukezan
6 Mar 2026
1106 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
⚡ New CVE Alert: CVE-2025-66168 📊 Severity: 5.4 🚨 Risk Level: Medium 🚨 Affects: Apache Reference: https://t.co/kpzy7UAGeq #CVE-2025-66168 #CVE #Medium #Apache #CyberSecurity #InfoSec https://t.co/Fgdbp3tpCQ
@CVEarity
4 Mar 2026
105 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨*CVE* CVE-2025-66168 Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. When this integer overfl… https://t.co/wDuNH2k6WB ----- Translation: CVE-2025-66168 Apa… https://t.co/utmtN
@infoflowcloud
4 Mar 2026
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-66168 Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. When this integer overfl… https://t.co/idETUnoYko
@CVEnew
4 Mar 2026
281 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-66168 CVE-2025-66168 https://t.co/ZpuOX9epSO
@VulmonFeeds
4 Mar 2026
76 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E187B7C-E072-439F-903C-5AD9227C5AE9",
"versionEndExcluding": "5.19.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61868905-AF68-4A48-B6C7-2B6E48D7FAA2",
"versionEndIncluding": "6.1.8",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46AC8D1F-0ADA-402D-B600-8A37E0BF9062",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]