CVE-2025-66168
Severity: 8.8 HIGH
EPSS: 0.1% (top 78.88%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 4 (2026-03-04)
Latest update: Apr 9 (2026-04-09)
Description
Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. When this integer overflow occurs, ActiveMQ may incorrectly compute the total Remaining Length and subsequently misinterpret the payload as multiple MQTT control packets which makes the broker susceptible to unexpected behavior when interacting with non-compliant clients. This behavior violates the MQTT v3.1.1 specification, which restricts Remaining Lengt…
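The rule the description refers to is MQTT v3.1.1 section 2.2.3: the Remaining Length field is a variable-length integer of at most four bytes (7 payload bits per byte, high bit as continuation, maximum value 268,435,455), and a decoder must reject a field that runs longer. The following is an added example, not code from Apache ActiveMQ: a spec-compliant decoder beside a hypothetical unchecked decoder that emulates a wrapping 32-bit integer, so that a fifth continuation byte overflows the multiplier to zero and the computed length is wrong. The byte stream, the `split_packets` framing helper and the packet-type table are constructed for the illustration; the unchecked decoder stands in for the bug class described, not for ActiveMQ's actual implementation.

```python
"""MQTT v3.1.1 Remaining Length decoding: spec-compliant vs. unchecked.

Added example; not code from Apache ActiveMQ.  The unchecked decoder is a
hypothetical stand-in for the bug class the CVE describes, emulating a
wrapping 32-bit signed integer as an unchecked loop in a 32-bit-int
language would see it.
"""
from typing import Callable

# Spec section 2.2.3: at most four bytes, 7 payload bits each, MSB = continuation.
MAX_LENGTH_BYTES = 4
MAX_REMAINING_LENGTH = 268_435_455  # encoded as 0xFF 0xFF 0xFF 0x7F

# Control packet types (spec table 2.1); only the ones used below.
PACKET_TYPES = {3: "PUBLISH", 12: "PINGREQ", 14: "DISCONNECT"}

Decoder = Callable[[bytes, int], tuple]


class MalformedPacket(ValueError):
    """Raised when the fixed header cannot be decoded per the spec."""


def decode_remaining_length(buf: bytes, pos: int) -> tuple:
    """Spec algorithm: returns (remaining_length, position after the field).

    Stops at the first byte without the continuation bit and rejects a field
    that runs past four bytes instead of letting the multiplier grow unbounded.
    With the four-byte cap the value can never exceed MAX_REMAINING_LENGTH.
    """
    multiplier = 1
    value = 0
    for i in range(MAX_LENGTH_BYTES):
        if pos + i >= len(buf):
            raise MalformedPacket("truncated Remaining Length")
        b = buf[pos + i]
        value += (b & 0x7F) * multiplier
        if not b & 0x80:
            return value, pos + i + 1
        multiplier *= 128
    raise MalformedPacket("Remaining Length field longer than four bytes")


def _wrap_i32(x: int) -> int:
    """Reduce x to a two's-complement 32-bit signed integer."""
    x &= 0xFFFFFFFF
    return x - (1 << 32) if x & 0x80000000 else x


def decode_remaining_length_unchecked(buf: bytes, pos: int) -> tuple:
    """Hypothetical unchecked decoder (NOT ActiveMQ's code).

    No cap on the number of length bytes: after four continuation bytes the
    multiplier is 2**28, the next multiplication by 128 overflows a 32-bit
    int to 0, and every later byte contributes nothing.  Large payload bits
    can likewise wrap the accumulated value negative.
    """
    multiplier = 1
    value = 0
    while True:
        if pos >= len(buf):
            raise MalformedPacket("truncated Remaining Length")
        b = buf[pos]
        pos += 1
        value = _wrap_i32(value + (b & 0x7F) * multiplier)
        multiplier = _wrap_i32(multiplier * 128)
        if not b & 0x80:
            return value, pos


def split_packets(stream: bytes, decoder: Decoder) -> list:
    """Frame a byte stream into (packet type name, body) pairs using `decoder`."""
    packets = []
    pos = 0
    while pos < len(stream):
        ptype = stream[pos] >> 4
        length, pos = decoder(stream, pos + 1)
        if length < 0 or pos + length > len(stream):
            raise MalformedPacket(f"declared length {length} does not fit the data")
        packets.append((PACKET_TYPES.get(ptype, f"type{ptype}"), stream[pos:pos + length]))
        pos += length
    return packets


def parse_stream(stream: bytes, decoder: Decoder) -> tuple:
    """Returns ("ok", packets) or ("malformed", reason) instead of raising."""
    try:
        return "ok", split_packets(stream, decoder)
    except MalformedPacket as exc:
        return "malformed", str(exc)


# Constructed input: a PUBLISH fixed header whose Remaining Length is encoded
# in six bytes (five continuation bytes carrying 0, then 0x01), followed by
# bytes that happen to look like PINGREQ (0xC0 0x00) and DISCONNECT (0xE0 0x00).
MALFORMED_STREAM = bytes([0x30, 0x80, 0x80, 0x80, 0x80, 0x80, 0x01,
                          0xC0, 0x00, 0xE0, 0x00])

if __name__ == "__main__":
    print(parse_stream(MALFORMED_STREAM, decode_remaining_length))
    # -> ('malformed', 'Remaining Length field longer than four bytes')
    print(parse_stream(MALFORMED_STREAM, decode_remaining_length_unchecked))
    # -> ('ok', [('PUBLISH', b''), ('PINGREQ', b''), ('DISCONNECT', b'')])
```

The spec-compliant decoder rejects the stream at the fourth continuation byte; the unchecked one computes a Remaining Length of 0 for the PUBLISH and then frames the trailing bytes as two further control packets, which is the "multiple MQTT control packets" outcome the description warns about. The same wrap also yields a negative length for `FF FF FF FF 7F`, which a framing loop must reject rather than use as a slice bound.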
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability subscore: 2.8 | Impact subscore: 2.5
Note: under the CVSS v3.1 formula this vector yields a base score of 5.4 (Medium), not the 8.8 (High) shown in the severity field above; 8.8 corresponds to the same exploitability metrics with C:H/I:H/A:H. The two figures presumably come from different scoring sources, so check which one your vulnerability feed uses before prioritizing on it.
Affected packages: 9
Vulnerability details (4)
OSV (2026-03-04): CVE-2025-66168: Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets
CVEList (2026-03-04): Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated
Vendor advisories (3)
Red Hat (2026-04-09): org.apache.activemq/apache-activemq: org.apache.activemq/activemq-all: org.apache.activemq/activemq-mqtt: MQTT control packet remaining length field is not properly validated (missing fix for CVE-2025…
Red Hat (2026-03-04): org.apache.activemq/apache-activemq: org.apache.activemq/activemq-all: org.apache.activemq/activemq-mqtt: Apache ActiveMQ: Unexpected behavior due to integer overflow in MQTT packet decoding
Debian (2025): CVE-2025-66168: activemq - Apache ActiveMQ does not properly validate the remaining length field which may ...
Threat intelligence
Community (1)
Bugzilla (2026-04-09): CVE-2026-40046 org.apache.activemq/apache-activemq: org.apache.activemq/activemq-all: org.apache.activemq/activemq-mqtt: MQTT control packet remaining length field is not properly validated (missing f…
Note: this entry is filed under a different identifier, CVE-2026-40046, and its title (like the Red Hat advisory of the same date) describes a missing fix for the remaining-length validation. When verifying that an ActiveMQ build is patched against CVE-2025-66168, check that follow-up as well rather than stopping at the first fixed version.