Medium severity6.5NVD Advisory· Published Apr 9, 2025· Updated Jun 15, 2026
CVE-2025-27391
CVE-2025-27391
Description
Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled.
This issue affects Apache ActiveMQ Artemis: from 1.5.1 before 2.40.0. It can be mitigated by restricting log access to only trusted users.
Users are recommended to upgrade to version 2.40.0, which fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.activemq:artemis-projectMaven | >= 1.5.1, < 2.40.0 | 2.40.0 |
Affected products
2- Apache Software Foundation/Apache ActiveMQ Artemisv5Range: 1.5.1
Patches
Vulnerability mechanics
References
4- www.openwall.com/lists/oss-security/2025/04/09/3nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-pm4j-p7pm-fpvxghsaADVISORY
- lists.apache.org/thread/25p96cvzl1mkt29lwm2d8knklkoqolpsnvdIssue TrackingMailing ListVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2025-27391ghsaADVISORY
News mentions
0No linked articles in our index yet.