CVE-2025-66168MEDIUMCVSS 5.4fixed in 5.19.2·≥ 6.0.0, < 6.1.9+1 more2026-03-04
CVE-2025-66168 [MEDIUM] CWE-190 Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated
Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated
WARNING:
Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases.
See the following for more details:
https://activemq.apache.org/security-adv
cvelistv5