{"id":30880,"date":"2025-04-25T01:13:40","date_gmt":"2025-04-25T01:13:40","guid":{"rendered":""},"modified":"2025-07-02T23:19:29","modified_gmt":"2025-07-03T05:19:29","slug":"cve-2025-29953-critical-deserialization-of-untrusted-data-vulnerability-in-apache-activemq-nms-openwire-client","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-29953-critical-deserialization-of-untrusted-data-vulnerability-in-apache-activemq-nms-openwire-client\/","title":{"rendered":"<strong>CVE-2025-29953: Critical Deserialization of Untrusted Data Vulnerability in Apache ActiveMQ NMS OpenWire Client<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>This blog post aims to shed light on a critical cybersecurity vulnerability, CVE-2025-29953, which affects the Apache ActiveMQ NMS OpenWire Client before version 2.1.1. This vulnerability revolves around the deserialization of untrusted data when connecting to untrusted servers, which can potentially allow malicious servers to execute arbitrary code on the client. Such attacks could <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-22900-stack-overflow-vulnerability-in-totolink-n600r-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"35186\">potentially compromise the system or lead<\/a> to data leakage. 
It&#8217;s essential for users, particularly those using Apache ActiveMQ NMS OpenWire Client, to understand this <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-30727-unpatched-vulnerability-in-oracle-scripting-leads-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"35783\">vulnerability and take the necessary steps to protect their systems<\/a>.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-29953<br \/>\nSeverity: Critical (9.8 CVSS Score)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: Required<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/yale-new-haven-health-system-data-breach-a-comprehensive-analysis-of-a-cybersecurity-breach-impacting-5-5-million-patients\/\"  data-wpil-monitor-id=\"38586\">System compromise or data<\/a> leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p>\n<table>\n<tr><th>Product<\/th><th>Affected Versions<\/th><\/tr>\n<tr><td>Apache ActiveMQ NMS OpenWire Client<\/td><td>Before 2.1.1<\/td><\/tr>\n<\/table>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>This <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-32143-deserialization-vulnerability-in-pickplugins-accordion\/\"  data-wpil-monitor-id=\"35522\">vulnerability stems from the unbounded deserialization<\/a> that occurs when the Apache ActiveMQ NMS OpenWire Client establishes a connection to an untrusted server. A malicious server can exploit this flaw by returning crafted responses that lead to arbitrary <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-32433-unauthenticated-remote-code-execution-vulnerability-in-erlang-otp-ssh-server\/\"  data-wpil-monitor-id=\"36480\">code execution<\/a> on the client. 
Although version 2.1.0 introduced an allow\/denylist mechanism to restrict deserialization, that mechanism could be bypassed, leaving the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-33118-critical-memory-corruption-vulnerability-in-listen-sound-model-client-payload\/\"  data-wpil-monitor-id=\"41235\">client vulnerable<\/a>.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p>\n<p>The <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-23394-critical-unix-symbolic-link-following-vulnerability-in-opensuse-tumbleweed-cyrus-imapd\/\"  data-wpil-monitor-id=\"54414\">following conceptual pseudocode illustrates how this class of vulnerability<\/a> might be exploited; it is written in Java syntax for illustration, although the affected client is a .NET library:<\/p>\n<pre><code class=\"\" data-line=\"\">\/\/ Server-side pseudocode simulating a malicious server (Java syntax, for illustration)\nimport java.io.*;\nimport java.net.*;\n\npublic class MaliciousServer {\n    public static void main(String[] args) throws Exception {\n        \/\/ Wait for a victim client to connect, then hand it a serialized object\n        ServerSocket serverSocket = new ServerSocket(8000);\n        Socket clientSocket = serverSocket.accept();\n        ObjectOutputStream objectOutputStream = new ObjectOutputStream(clientSocket.getOutputStream());\n        objectOutputStream.writeObject(new MaliciousObject());\n        objectOutputStream.flush();\n        clientSocket.close();\n    }\n\n    static class MaliciousObject implements Serializable {\n        \/\/ Invoked automatically by the client's ObjectInputStream during deserialization\n        private void readObject(ObjectInputStream in) throws Exception {\n            Runtime.getRuntime().exec(&quot;malicious_command&quot;);\n        }\n    }\n}<\/code><\/pre>\n<p>In this example, a malicious server is set up to send a serialized malicious object to the client. 
When the client <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-27286-deserialization-of-untrusted-data-leads-to-object-injection-in-saoshyant-slider\/\"  data-wpil-monitor-id=\"36997\">deserializes the object<\/a>, the malicious command within the object&#8217;s readObject method is executed.<\/p>\n<p><strong>How to Mitigate the Vulnerability<\/strong><\/p>\n<p><a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-26521-apache-cloudstack-user-account-vulnerability-in-kubernetes-cluster-creation\/\"  data-wpil-monitor-id=\"63117\">Users are advised to upgrade to Apache<\/a> ActiveMQ NMS OpenWire Client version 2.1.1, which rectifies the issue. Beyond the upgrade, moving away from .NET binary serialization altogether is recommended as a longer-term hardening measure, since the built-in .NET binary serialization feature is deprecated from .NET 9 onwards. As a temporary mitigation, <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-5485-a-critical-vulnerability-pertaining-to-user-name-enumeration-in-web-management-interfaces\/\"  data-wpil-monitor-id=\"63118\">users can apply a vendor patch or use a Web<\/a> Application Firewall (WAF) or Intrusion Detection System (IDS).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview This blog post aims to shed light on a critical cybersecurity vulnerability, CVE-2025-29953, which affects the Apache ActiveMQ NMS OpenWire Client before version 2.1.1. This vulnerability revolves around the deserialization of untrusted data when connecting to untrusted servers, which can potentially allow malicious servers to execute arbitrary code on the client. 
Such attacks could [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[103],"product":[],"attack_vector":[80],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-30880","post","type-post","status-publish","format-standard","hentry","category-uncategorized","vendor-apache","attack_vector-rce"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/30880","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=30880"}],"version-history":[{"count":9,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/30880\/revisions"}],"predecessor-version":[{"id":56714,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/30880\/revisions\/56714"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=30880"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=30880"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=30880"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=30880"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=30880"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=30880"},{"taxonomy":"asset_
type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=30880"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=30880"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=30880"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}