/
DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2025-27427

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-27427

CGA ID

CGA-xh55-rq82-pr63

Severity

Unknown

Summary

Apache ActiveMQ Artemis User Without Create Address Permissions can Modify Address Routing-Type

Description

A vulnerability exists in Apache ActiveMQ Artemis whereby a user with the createDurableQueue or createNonDurableQueue permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for that particular address. When combined with the send permission and automatic queue creation a user could successfully send a message with a routing-type not supported by the address when that message should actually be rejected on the basis that the user doesn't have permission to change the routing-type of the address.

This issue affects Apache ActiveMQ Artemis from 2.0.0 through 2.39.0.

Users are recommended to upgrade to version 2.40.0 which fixes the issue.

References

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs