[Vulnerability Alert] Apache ActiveMQ NMS AMQP has a high-risk security vulnerability (CVE-2025-54539), please confirm and patch as soon as possible

• Subject: [Vulnerability Alert] Apache ActiveMQ NMS AMQP has a high-risk security vulnerability (CVE-2025-54539), please confirm and patch as soon as possible
• Content:
  • Forwarded from National Information Security Information Sharing and Analysis Center NISAC-200-202510-00000201
  • Researchers have discovered a Deserialization of Untrusted Data vulnerability (CVE-2025-54539) in the Apache ActiveMQ NMS AMQP client. An unauthenticated remote attacker can execute arbitrary code on the client by returning specially crafted serialized data when the affected client establishes a connection with an untrusted AMQP server. Please confirm and patch as soon as possible.
• Affected Platforms:
  • Apache ActiveMQ NMS AMQP versions up to and including 2.3.0
• Recommended Measures:
  • Please update Apache ActiveMQ NMS AMQP to version 2.4.0 or later (inclusive).
• References:
  1. https://nvd.nist.gov/vuln/detail/CVE-2025-54539
  2. https://lists.apache.org/thread/9k684j07ljrshy3hxwhj5m0xjmkz1g2n

Computer and Communications Center
Network Systems Group