GHSA-9G64-R942-FVMP Apache ActiveMQ NMS OpenWire Client Deserialization of Untrusted Data vulnerability

Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client. This issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted servers. Such servers could abuse the unbounded deserialization in the client to provide malicious...

CVE-2025-29953

Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client. This issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted servers. Such servers could abuse the unbounded deserialization in the client to provide malicious...

CVE-2025-29953 Apache ActiveMQ NMS OpenWire Client: deserialization allowlist bypass

Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client. This issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted servers. Such servers could abuse the unbounded deserialization in the client to provide malicious...

CVE-2025-29953

Apache ActiveMQ NMS OpenWire Client (before 2.1.1) is affected by a Deserialization of Untrusted Data vulnerability. Untrusted servers can abuse unbounded deserialization to potentially achieve arbitrary code execution on the client. A 2.1.0 denial/allowlist feature was introduced but could be by...