CVE-2025-27533

HIGH

Apache ActiveMQ 5.16.0-5.16.7, 5.17.0-5.17.6, 5.18.0-5.18.6 - Denial of Service via OpenWire Buffer Size Validation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-27533. PoCs published by Abdualhadi khalifa and absholi7ly.

AI-analyzed exploit summary: This exploit targets CVE-2025-27533, a DoS vulnerability in Apache ActiveMQ 6.1.6. It sends maliciously crafted packets with large buffer sizes to overwhelm the server, causing a denial of service.

Description

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands, the size value of buffers was not properly validated, which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections. This issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, from 5.18.0 before 5.18.7, from 5.17.0 before 5.17.7, and before 5.16.8. ActiveMQ 5.19.0 is not affected. Users are recommended to upgrade to version 6.1.6+, 5.19.0+, 5.18.7+, 5.17.7, or 5.16.8, which fix the issue. Existing users may implement mutual TLS to mitigate the risk on affected brokers.

Exploits (2)

exploitdb WORKING POC
by Abdualhadi khalifa · python · remote · multiple
https://www.exploit-db.com/exploits/52288

This exploit targets CVE-2025-27533, a DoS vulnerability in Apache ActiveMQ 6.1.6. It sends maliciously crafted packets with large buffer sizes to overwhelm the server, causing a denial of service.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Apache ActiveMQ 6.1.6
No auth needed
Prerequisites: Network access to the target server · Open port for ActiveMQ (default: 61616)
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC 8 stars
by absholi7ly · poc
https://github.com/absholi7ly/CVE-2025-27533-Exploit-for-Apache-ActiveMQ

This is a functional DoS exploit for CVE-2025-27533 targeting Apache ActiveMQ. It sends maliciously crafted packets with large buffer sizes to trigger a denial-of-service condition.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Apache ActiveMQ
No auth needed
Prerequisites: Network access to the target ActiveMQ instance · Open port (default 61616 for OpenWire)
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.5
EPSS 0.0225
EPSS Percentile 85.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-789
Status published
Products (3)
apache/activemq 5.16.0 - 5.16.8
org.apache.activemq/activemq-client 0 - 5.16.8 (Maven)
org.apache.activemq/activemq-openwire-legacy 0 - 5.16.8 (Maven)
Published May 07, 2025
Tracked Since Feb 18, 2026