Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
Severity: 6.9 MEDIUM
EPSS: 2.3% (top 15.40%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: May 7
Latest update: Jan 15
Description
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ.
During unmarshalling of OpenWire commands, the size value of buffers was not properly validated, which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections.
This issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, …
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
Affected Packages: 5 packages
Vulnerability Details (4)
OSV: CVE-2025-27533: Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ (2025-05-07)
Exploits & PoCs (1)
Vendor Advisories (6)
Oracle
Oracle: Oracle Communications Applications Risk Matrix: Core (Apache ActiveMQ) — CVE-2025-27533 (2025-10-15)
Oracle: Oracle Communications Applications Risk Matrix: Microservices (Apache ActiveMQ) — CVE-2025-27533 (2025-07-15)
Debian: CVE-2025-27533: activemq - Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. D... (2025)