cnvd - cnvd-2025-10033

cnvd-2025-10033

Vulnerability from cnvd

Title: Apache ActiveMQ NMS OpenWire Client反序列化漏洞

Description:

Apache ActiveMQ NMS OpenWire Client是美国阿帕奇（Apache）基金会的一个.NET客户端。

Apache ActiveMQ NMS OpenWire Client 2.1.1之前版本存在反序列化漏洞，该漏洞源于应用程序在接收用户提交的序列化数据的不安全反序列化处理，攻击者可利用该漏洞导致代码执行。

Severity: 高

Patch Name: Apache ActiveMQ NMS OpenWire Client反序列化漏洞的补丁

Patch Description:

Apache ActiveMQ NMS OpenWire Client是美国阿帕奇（Apache）基金会的一个.NET客户端。

Apache ActiveMQ NMS OpenWire Client 2.1.1之前版本存在反序列化漏洞，该漏洞源于应用程序在接收用户提交的序列化数据的不安全反序列化处理，攻击者可利用该漏洞导致代码执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://activemq.apache.org/components/nms/providers/activemq/downloads/

Reference: http://www.openwall.com/lists/oss-security/2025/04/18/3

Impacted products

Name
Apache Apache ActiveMQ NMS OpenWire Client <2.1.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-29953",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-29953"
    }
  },
  "description": "Apache ActiveMQ NMS OpenWire Client\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a.NET\u5ba2\u6237\u7aef\u3002\n\nApache ActiveMQ NMS OpenWire Client 2.1.1\u4e4b\u524d\u7248\u672c\u5b58\u5728\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7a0b\u5e8f\u5728\u63a5\u6536\u7528\u6237\u63d0\u4ea4\u7684\u5e8f\u5217\u5316\u6570\u636e\u7684\u4e0d\u5b89\u5168\u53cd\u5e8f\u5217\u5316\u5904\u7406\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://activemq.apache.org/components/nms/providers/activemq/downloads/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-10033",
  "openTime": "2025-05-19",
  "patchDescription": "Apache ActiveMQ NMS OpenWire Client\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a.NET\u5ba2\u6237\u7aef\u3002\r\n\r\nApache ActiveMQ NMS OpenWire Client 2.1.1\u4e4b\u524d\u7248\u672c\u5b58\u5728\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7a0b\u5e8f\u5728\u63a5\u6536\u7528\u6237\u63d0\u4ea4\u7684\u5e8f\u5217\u5316\u6570\u636e\u7684\u4e0d\u5b89\u5168\u53cd\u5e8f\u5217\u5316\u5904\u7406\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache ActiveMQ NMS OpenWire Client\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Apache ActiveMQ NMS OpenWire Client \u003c2.1.1"
  },
  "referenceLink": "http://www.openwall.com/lists/oss-security/2025/04/18/3",
  "serverity": "\u9ad8",
  "submitTime": "2025-04-30",
  "title": "Apache ActiveMQ NMS OpenWire Client\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e"
}

CVE-2025-29953 (GCVE-0-2025-29953)

Vulnerability from cvelistv5

Published

2025-04-18 15:23

Modified

2025-04-23 15:39

Severity ?

CWE

CWE-502 - Deserialization of Untrusted Data

Summary

Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client. This issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted servers. Such servers could abuse the unbounded deserialization in the client to provide malicious responses that may eventually cause arbitrary code execution on the client. Version 2.1.0 introduced a allow/denylist feature to restrict deserialization, but this feature could be bypassed. The .NET team has deprecated the built-in .NET binary serialization feature starting with .NET 9 and suggests migrating away from binary serialization. The project is considering to follow suit and drop this part of the NMS API altogether. Users are recommended to upgrade to version 2.1.1, which fixes the issue. We also recommend to migrate away from relying on .NET binary serialization as a hardening method for the future.

References

▼	URL	Tags
	https://lists.apache.org/thread/vc1sj9y3056d3kkhcvrs9fyw5w8kpmlx	vendor-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache ActiveMQ NMS OpenWire Client	Version: 0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-04-18T18:03:24.623Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/18/3"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-29953",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:47:46.882779Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T15:39:08.654Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache ActiveMQ NMS OpenWire Client",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.1.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "g7shot working with Trend Zero Day Initiative"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eDeserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client.\u003c/p\u003e\u003cp\u003eThis issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted servers. Such servers could abuse the unbounded deserialization in the client to provide malicious responses that may eventually cause arbitrary code execution on the client. Version 2.1.0 introduced a allow/denylist feature to restrict deserialization, but this feature could be bypassed.\u003c/p\u003e\u003cp\u003eThe .NET team has deprecated the built-in .NET binary serialization feature starting with .NET 9 and suggests migrating away from binary serialization. The project is considering to follow suit and drop this part of the NMS API altogether.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.1.1, which fixes the issue. We also recommend to migrate away from relying on .NET binary serialization as a hardening method for the future.\u003c/p\u003e"
            }
          ],
          "value": "Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client.\n\nThis issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted servers. Such servers could abuse the unbounded deserialization in the client to provide malicious responses that may eventually cause arbitrary code execution on the client. Version 2.1.0 introduced a allow/denylist feature to restrict deserialization, but this feature could be bypassed.\n\nThe .NET team has deprecated the built-in .NET binary serialization feature starting with .NET 9 and suggests migrating away from binary serialization. The project is considering to follow suit and drop this part of the NMS API altogether.\n\nUsers are recommended to upgrade to version 2.1.1, which fixes the issue. We also recommend to migrate away from relying on .NET binary serialization as a hardening method for the future."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-18T15:23:31.658Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/vc1sj9y3056d3kkhcvrs9fyw5w8kpmlx"
        }
      ],
      "source": {
        "defect": [
          "AMQNET-844"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Apache ActiveMQ NMS OpenWire Client: deserialization allowlist bypass",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-29953",
    "datePublished": "2025-04-18T15:23:31.658Z",
    "dateReserved": "2025-03-12T16:59:03.133Z",
    "dateUpdated": "2025-04-23T15:39:08.654Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted