CVE-2015-5254

CRITICAL

Apache ActiveMQ <5.13.0 - RCE

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2015-5254. PoCs published by jas502n, Ma1Dong, Catherines77.

AI-analyzed exploit summary This repository provides a proof-of-concept exploit for CVE-2015-5254, a deserialization vulnerability in Apache ActiveMQ. It demonstrates how to achieve remote code execution by sending a malicious serialized payload to an ActiveMQ instance and triggering it via the admin interface.

Description

Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.

Exploits (4)

nomisec WORKING POC 15 stars

by jas502n · poc

https://github.com/jas502n/CVE-2015-5254

View Code ZIP pw:eip

This repository provides a proof-of-concept exploit for CVE-2015-5254, a deserialization vulnerability in Apache ActiveMQ. It demonstrates how to achieve remote code execution by sending a malicious serialized payload to an ActiveMQ instance and triggering it via the admin interface.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apache ActiveMQ 5.11.1

Auth required

Prerequisites: ActiveMQ instance with open port 61616 · Admin credentials for the ActiveMQ web interface

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 2 stars

by Ma1Dong · poc

https://github.com/Ma1Dong/ActiveMQ_CVE-2015-5254

View Code ZIP pw:eip

This repository provides a proof-of-concept for CVE-2015-5254, an Apache ActiveMQ deserialization vulnerability. It includes steps to exploit the vulnerability by sending a malicious payload to trigger remote code execution via a reverse shell.

Classification

Working Poc 90%

Attack Type

Deserialization

Complexity

Moderate

Reliability

Reliable

Target: Apache ActiveMQ 5.x versions before 5.13.0

Auth required

Prerequisites: Access to the ActiveMQ admin interface · Open 61616 port · Java environment to run the exploit tool

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 1 stars

by Catherines77 · poc

https://github.com/Catherines77/ActiveMQ-EXPtools

View Code ZIP pw:eip

This repository contains a functional exploit tool for CVE-2015-5254, a deserialization vulnerability in Apache ActiveMQ. It includes a GUI-based application with modules for detecting and exploiting multiple ActiveMQ vulnerabilities, including CVE-2015-5254, with support for generating payloads and executing reverse shells.

Classification

Working Poc 90%

Attack Type

Deserialization

Complexity

Moderate

Reliability

Reliable

Target: Apache ActiveMQ

No auth needed

Prerequisites: Access to the target ActiveMQ instance · Java runtime environment

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Apr 20, 2026 Full analysis →

nomisec WORKING POC

by guigui237 · poc

https://github.com/guigui237/Exploitation-de-la-vuln-rabilit-CVE-2015-5254-

View Code ZIP pw:eip

This repository demonstrates the exploitation of CVE-2015-5254, a deserialization vulnerability in Apache ActiveMQ versions up to 5.13.0. The PoC uses the 'jmet' tool to send a malicious JMS ObjectMessage payload to execute arbitrary commands (e.g., 'touch /tmp/success') on the target system.

Classification

Working Poc 90%

Attack Type

Deserialization

Complexity

Moderate

Reliability

Reliable

Target: Apache ActiveMQ <= 5.13.0

No auth needed

Prerequisites: Network access to ActiveMQ's OpenWire port (default: 61616) · jmet tool (jmet-0.1.0-all.jar)

MITRE ATT&CK