How severe is CVE-2025-27533?

This vulnerability has a severity rating of MEDIUM with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2025-27533?

This is classified as CWE-789, which is a common weakness in software security.

CVE-2025-27533 - MEDIUM Severity | CVSS N/A

Vulnerability Description

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections. This issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, from 5.18.0 before 5.18.7, from 5.17.0 before 5.17.7, before 5.16.8. ActiveMQ 5.19.0 is not affected. Users are recommended to upgrade to version 6.1.6+, 5.19.0+, 5.18.7+, 5.17.7, or 5.16.8 or which fixes the issue. Existing users may implement mutual TLS to mitigate the risk on affected brokers.

Related Vulnerabilities

CVE-2023-43632

CRITICAL

CVSS:9.9(Critical)

As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-...

CWE-7892023

CVE-2020-24685

HIGH

CVSS:8.6(High)

An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR ...

CWE-7892020

CVE-2024-20260

HIGH

CVSS:8.6(High)

A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense Virtual (FTDv), formerly Cisco Firepower Threat D...

CWE-7892024

CVE-2021-34854

HIGH

CVSS:7.8(High)

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code...

CWE-7892021

CVE-2021-34868

HIGH

CVSS:7.8(High)

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code o...

CWE-7892021

CVE-2021-34869

HIGH

CVSS:7.8(High)

CWE-7892021