Apache ActiveMQ Artemis Routing-Type Vulnerability in Queue Permissions

Vulnerability

A vulnerability in Apache ActiveMQ Artemis allows users with queue creation permissions to modify the routing-type of addresses without having the necessary address creation permission. This issue, present in versions 2.0.0 through 2.39.0, could be exploited by users with send permission and automatic queue creation, enabling them to send messages with unsupported routing-types that the broker should have rejected.

Impact

Exploitation of this vulnerability could lead to messages being sent with routing-types not authorized for the user's address, bypassing intended permission controls.

Remediation

Users are advised to upgrade to Apache ActiveMQ Artemis version 2.40.0, which addresses this vulnerability.
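
To find where a deployment is exposed before the upgrade lands, the following added example (not part of the original advisory or of the Artemis project) checks a broker version against the affected range and lists roles in broker.xml that can create queues without holding createAddress. It assumes permissions are defined in broker.xml security-settings; the sample configuration, role names and address matches are constructed for illustration.

```python
import xml.etree.ElementTree as ET

AFFECTED_MIN, AFFECTED_MAX = (2, 0, 0), (2, 39, 0)  # range stated in the advisory
QUEUE_PERMS = ("createDurableQueue", "createNonDurableQueue")

# Constructed sample configuration; role and address names are hypothetical.
SAMPLE_BROKER_XML = """<configuration xmlns="urn:activemq">
 <core xmlns="urn:activemq:core">
  <security-settings>
   <security-setting match="orders.#">
    <permission type="createNonDurableQueue" roles="app, admin"/>
    <permission type="createAddress" roles="admin"/>
    <permission type="send" roles="app, admin"/>
   </security-setting>
   <security-setting match="audit.#">
    <permission type="createAddress" roles="admin"/>
    <permission type="send" roles="app"/>
   </security-setting>
  </security-settings>
 </core>
</configuration>"""

def is_affected(version):
    """True when a broker version lies in the advisory's 2.0.0-2.39.0 range."""
    nums = [int(n) for n in version.split("-")[0].split(".")]
    return AFFECTED_MIN <= tuple(nums + [0, 0, 0])[:3] <= AFFECTED_MAX

def local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the XML namespace

def exposed_roles(broker_xml):
    """Per security-setting match, list (role, can_send) for roles that may
    create queues but do not hold createAddress on that match."""
    findings = {}
    for setting in ET.fromstring(broker_xml).iter():
        if local(setting.tag) != "security-setting":
            continue
        perms = {}
        for p in setting:
            if local(p.tag) == "permission":
                roles = {r.strip() for r in p.get("roles", "").split(",")}
                perms.setdefault(p.get("type"), set()).update(roles - {""})
        creators = set().union(*(perms.get(t, set()) for t in QUEUE_PERMS))
        at_risk = creators - perms.get("createAddress", set())
        if at_risk:
            send = perms.get("send", set())
            findings[setting.get("match")] = [(r, r in send) for r in sorted(at_risk)]
    return findings

if __name__ == "__main__":
    print(is_affected("2.39.0"), exposed_roles(SAMPLE_BROKER_XML))
```

A listed role is not evidence of misuse; it marks where the permission gap described above applies while the broker remains on an affected version.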

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 0.6
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.