CVE-2025-66168

5.4 MEDIUM

📋 TL;DR

Apache ActiveMQ has an integer overflow vulnerability in MQTT packet handling that allows malformed packets to cause unexpected broker behavior. This affects ActiveMQ versions before 5.19.2, 6.0.0 to 6.1.8, and 6.2.0 when MQTT transport connectors are enabled. Attackers can exploit this after authentication to potentially disrupt broker operations.

💻 Affected Systems

Products:
  • Apache ActiveMQ
Versions: Before 5.19.2, 6.0.0 to 6.1.8, and 6.2.0
Operating Systems: All operating systems running affected ActiveMQ versions
Default Config Vulnerable: ✅ No
Notes: Only affects brokers with MQTT transport connectors enabled. Authentication is required to exploit.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Broker crashes or becomes unresponsive, leading to denial of service and disruption of message queuing services

🟠 Likely Case: Broker instability, degraded performance, or unexpected behavior when processing malformed MQTT packets

🟢 If Mitigated: Minimal impact if MQTT transport is disabled or proper network segmentation isolates vulnerable brokers

🌐 Internet-Facing: MEDIUM - Requires authentication but could be exploited by authenticated external clients
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit after authentication

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires sending specially crafted MQTT packets after successful authentication

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.19.2, 6.1.9, or 6.2.1

Vendor Advisory: https://lists.apache.org/thread/13n8mkrb2jf2y6yyhpgrkmpqcm7djyto

Restart Required: Yes

Instructions:

1. Download the patched version from the Apache ActiveMQ website.
2. Stop the ActiveMQ service.
3. Back up configuration and data.
4. Install the new version.
5. Restore configuration if needed.
6. Start the ActiveMQ service.

🔧 Temporary Workarounds

Disable MQTT Transport (applies to: all)

Disable MQTT transport connectors if they are not required.

Edit activemq.xml and remove or comment out the <transportConnector> elements whose uri uses the mqtt protocol.

Network Segmentation (applies to: all)

Restrict access to the MQTT port to trusted clients only.

Configure firewall rules to limit access to the MQTT port (default 1883, or 8883 for TLS).

🧯 If You Can't Patch

  • Disable MQTT transport connectors if not required for operations
  • Implement strict network access controls to limit MQTT traffic to trusted sources only

🔍 How to Verify

Check if Vulnerable:

Check ActiveMQ version and verify MQTT transport is enabled in configuration

Check Version:

Check activemq.log or run: java -jar activemq.jar --version

Verify Fix Applied:

Verify that the running ActiveMQ version is 5.19.2, 6.1.9, or 6.2.1 or later within its release line.
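The two checks in this section (is the version in an affected range, and is an MQTT transport connector still active in activemq.xml) written out as a POSIX shell script. This is an added example, not code from the advisory or from the Apache ActiveMQ project. The sample activemq.xml files are constructed for the example; the script assumes that 5.x releases after 5.19.2 and any line after 6.2.x are unaffected (the page lists only the ranges above), and that the uri attribute sits on the same line as its <transportConnector> element.

```shell
#!/bin/sh
# Added example (not from the advisory or the ActiveMQ project): checks for the
# "Check if Vulnerable" and "Verify Fix Applied" steps, runnable offline.

# is_vulnerable_version VERSION -> 0 (true) when VERSION is in an affected range
# listed on this page: before 5.19.2, 6.0.0..6.1.8, or 6.2.0. Everything else
# (5.19.2+, 6.1.9+, 6.2.1+ and, by assumption, later lines) counts as fixed.
is_vulnerable_version() {
  v=${1%%-*}                                   # drop suffixes such as -SNAPSHOT
  set -- $(printf '%s' "$v" | tr . ' ')        # split into major minor patch
  maj=${1:-0}; min=${2:-0}; pat=${3:-0}
  if [ "$maj" -lt 5 ]; then return 0; fi
  if [ "$maj" -eq 5 ]; then
    [ "$min" -lt 19 ] && return 0
    [ "$min" -eq 19 ] && [ "$pat" -lt 2 ] && return 0
    return 1
  fi
  if [ "$maj" -eq 6 ]; then
    [ "$min" -eq 0 ] && return 0                       # 6.0.x
    [ "$min" -eq 1 ] && [ "$pat" -le 8 ] && return 0   # 6.1.0 to 6.1.8
    [ "$min" -eq 2 ] && [ "$pat" -eq 0 ] && return 0   # 6.2.0
    return 1
  fi
  return 1                                             # assumption: 7.x+ unaffected
}

# mqtt_connector_enabled ACTIVEMQ_XML -> 0 when an uncommented
# <transportConnector ... uri="mqtt..."> is present. XML comments are tracked
# across lines so a connector commented out as a workaround does not count.
# Assumption: the uri attribute is on the same line as the element start.
mqtt_connector_enabled() {
  awk '
    BEGIN { incomment = 0; found = 0 }
    {
      line = $0; out = ""
      while (1) {
        if (incomment) {
          p = index(line, "-->")
          if (p == 0) { line = ""; break }
          line = substr(line, p + 3); incomment = 0
        } else {
          p = index(line, "<!--")
          if (p == 0) { out = out line; break }
          out = out substr(line, 1, p - 1)
          line = substr(line, p + 4); incomment = 1
        }
      }
      if (out ~ /<transportConnector[^>]*uri="mqtt/) found = 1
    }
    END { if (found) exit 0; exit 1 }
  ' "$1"
}

# broker_exposed VERSION ACTIVEMQ_XML -> 0 only if both conditions hold.
broker_exposed() {
  is_vulnerable_version "$1" && mqtt_connector_enabled "$2"
}

# Constructed sample activemq.xml files (not real deployment configs).
SAMPLE_XML=$(mktemp)       # MQTT connector active
SAMPLE_XML_OFF=$(mktemp)   # MQTT connector commented out (the workaround above)
trap 'rm -f "$SAMPLE_XML" "$SAMPLE_XML_OFF"' EXIT
cat > "$SAMPLE_XML" <<'EOF'
<beans>
  <broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost">
    <transportConnectors>
      <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
      <transportConnector name="mqtt" uri="mqtt://0.0.0.0:1883"/>
    </transportConnectors>
  </broker>
</beans>
EOF
cat > "$SAMPLE_XML_OFF" <<'EOF'
<beans>
  <broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost">
    <transportConnectors>
      <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
      <!-- disabled pending upgrade to a fixed release
      <transportConnector name="mqtt" uri="mqtt://0.0.0.0:1883"/>
      -->
    </transportConnectors>
  </broker>
</beans>
EOF

for ver in 5.18.3 5.19.1 5.19.2 6.0.0 6.1.8 6.1.9 6.2.0 6.2.1; do
  if broker_exposed "$ver" "$SAMPLE_XML"; then s=EXPOSED; else s=ok; fi
  echo "version $ver, mqtt connector on: $s"
done
if broker_exposed 6.2.0 "$SAMPLE_XML_OFF"; then s=EXPOSED; else s=ok; fi
echo "version 6.2.0, mqtt connector commented out: $s"
```

On a real broker, feed the version string reported by the broker (from activemq.log or the --version command above) and the path to the deployed activemq.xml to broker_exposed; a result of EXPOSED means both the affected version and an active MQTT connector are present, so either patching or the "Disable MQTT Transport" workaround is still outstanding.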

📡 Detection & Monitoring

Log Indicators:

  • Unexpected broker restarts
  • Error messages related to MQTT packet parsing
  • Connection drops after malformed packets

Network Indicators:

  • Unusual MQTT traffic patterns
  • Multiple malformed MQTT packets from single source

SIEM Query:

source="activemq.log" AND ("MQTT" AND ("error" OR "malformed" OR "overflow"))
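The SIEM query above, run offline with grep over a handful of constructed log lines, plus a per-source tally for the "multiple malformed MQTT packets from a single source" network indicator. This is an added example, not the advisory's or the ActiveMQ project's own code: the log lines only loosely imitate ActiveMQ's default log layout, and the exception messages and client addresses are made up, so the match patterns should be tuned against real broker logs before use.

```shell
#!/bin/sh
# Added example (not from the advisory): the page's SIEM query as grep, plus a
# per-source count, run over constructed log lines.

# Constructed sample of activemq.log. The layout loosely follows ActiveMQ's
# default pattern; the messages and addresses are invented for this example.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
2025-01-15 10:00:01,001 | INFO  | Apache ActiveMQ 5.19.1 (localhost) started | org.apache.activemq.broker.BrokerService | main
2025-01-15 10:00:05,120 | INFO  | Connector mqtt started | org.apache.activemq.broker.TransportConnector | main
2025-01-15 10:01:10,200 | WARN  | Transport Connection to: tcp://10.0.0.5:51234 failed: java.io.IOException: MQTT packet parsing error | org.apache.activemq.broker.TransportConnection.Transport | ActiveMQ Transport: tcp:///10.0.0.5:51234@1883
2025-01-15 10:01:11,300 | WARN  | Transport Connection to: tcp://10.0.0.5:51235 failed: java.io.IOException: malformed MQTT remaining length | org.apache.activemq.broker.TransportConnection.Transport | ActiveMQ Transport: tcp:///10.0.0.5:51235@1883
2025-01-15 10:01:12,400 | WARN  | Transport Connection to: tcp://10.0.0.5:51236 failed: java.lang.IllegalArgumentException: MQTT length overflow | org.apache.activemq.broker.TransportConnection.Transport | ActiveMQ Transport: tcp:///10.0.0.5:51236@1883
2025-01-15 10:01:30,000 | WARN  | Transport Connection to: tcp://10.0.0.9:40000 failed: java.io.EOFException | org.apache.activemq.broker.TransportConnection.Transport | ActiveMQ Transport: tcp:///10.0.0.9:40000@61616
2025-01-15 10:02:00,000 | INFO  | MQTT client connected: tcp://10.0.0.7:42000 | org.apache.activemq.transport.mqtt.MQTTProtocolConverter | ActiveMQ Transport: tcp:///10.0.0.7:42000@1883
EOF

# The SIEM query from the page as grep: a line must mention MQTT and one of
# error / malformed / overflow (case-insensitive).
mqtt_parse_errors() {   # mqtt_parse_errors LOGFILE
  grep -i 'mqtt' "$1" | grep -iE 'error|malformed|overflow' || true
}

count_mqtt_errors() {   # count_mqtt_errors LOGFILE -> number of matching lines
  mqtt_parse_errors "$1" | wc -l | tr -d ' '
}

# Sources that produced at least THRESHOLD matching lines. The first IPv4
# address on each line is taken as the client address (assumption about layout).
noisy_sources() {       # noisy_sources LOGFILE [THRESHOLD=3]
  mqtt_parse_errors "$1" |
    awk '{ if (match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) print substr($0, RSTART, RLENGTH) }' |
    sort | uniq -c |
    awk -v t="${2:-3}" '$1 >= t { print $2 }'
}

echo "MQTT parse/overflow events: $(count_mqtt_errors "$SAMPLE_LOG")"
mqtt_parse_errors "$SAMPLE_LOG"
echo "Sources with 3 or more such events:"
noisy_sources "$SAMPLE_LOG" 3
```

The non-MQTT EOFException from 10.0.0.9 and the ordinary MQTT connect from 10.0.0.7 are deliberately left out by the query, while the three parse failures from 10.0.0.5 push that one source over the threshold, which is the pattern worth alerting on rather than a single stray malformed packet.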

🔗 References
