CVE-2025-54539

A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious servers could exploit unbounded deserializatio...

GHSA-4MJW-XR5X-PRPC Apache ActiveMQ NMS AMQP Client has a Deserialization of Untrusted Data vulnerability

A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious servers could exploit unbounded deserializatio...

CVE-2025-54539

Apache ActiveMQ NMS AMQP Client (vulnerable up to 2.3.0) suffers Deserialization of Untrusted Data due to unbounded deserialization logic when connecting to untrusted AMQP servers. Malicious responses could lead to arbitrary code execution on the client side; a 2.1.0 deserialization restriction v...

Apache ActiveMQ NMS Body Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache ActiveMQ NMS. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the Body...

CVE-2025-29953

Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client. This issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted servers. Such servers could abuse the unbounded deserialization in the client to provide malicious...

CVE-2025-29953

Apache ActiveMQ NMS OpenWire Client (before 2.1.1) is affected by a Deserialization of Untrusted Data vulnerability. Untrusted servers can abuse unbounded deserialization to potentially achieve arbitrary code execution on the client. A 2.1.0 denial/allowlist feature was introduced but could be by...

Apache ActiveMQ NMS OpenWire Client Deserialization of Untrusted Data vulnerability

Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client. This issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted servers. Such servers could abuse the unbounded deserialization in the client to provide malicious...