CVE-2025-27391

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-27391

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27391.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-27391

Aliases

GHSA-pm4j-p7pm-fpvx

Downstream

ROOT-APP-MAVEN-CVE-2025-27391

Published

2025-04-09T15:16:02.090Z

Modified

2026-04-10T05:23:58.339234Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled.

This issue affects Apache ActiveMQ Artemis: from 1.5.1 before 2.40.0. It can be mitigated by restricting log access to only trusted users.

Users are recommended to upgrade to version 2.40.0, which fixes the issue.

References

Affected packages

Git / github.com/apache/activemq-artemis

Affected ranges

Type

GIT

Repo

https://github.com/apache/activemq-artemis

Events

Introduced

5bcbea2517ffff9f09683cdf5365885da3325c22

Fixed

2c3903ff71de7ecc6830d5f051dfc94d6df9b187

Database specific

{
    "versions": [
        {
            "introduced": "1.5.1"
        },
        {
            "fixed": "2.40.0"
        }
    ]
}

Affected versions

1.*

1.5.1

2.*

2.0.0

2.1.0

2.10.0

2.10.1

2.11.0

2.12.0

2.13.0

2.14.0

2.15.0

2.16.0

2.17.0

2.18.0

2.19.0

2.2.0

2.20.0

2.21.0

2.22.0

2.23.0

2.24.0

2.25.0

2.26.0

2.27.0

2.28.0

2.29.0

2.3.0

2.30.0

2.31.0

2.31.1

2.31.2

2.32.0

2.33.0

2.34.0

2.35.0

2.36.0

2.37.0

2.38.0

2.39.0

2.4.0

2.5.0

2.6.0

2.7.0

2.8.0

2.8.1

2.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27391.json"