Apache ActiveMQ Integer Overflow Security Risk
OESA-2026-1608
Summary
Apache ActiveMQ has an integer overflow vulnerability (CVE-2025-66168, CWE-190) that could allow an attacker to disrupt the system or steal sensitive information. Upgrading to a fixed version (5.19.2, 6.1.9, or 6.2.1) resolves the problem. Update ActiveMQ as soon as possible.
What to do
- Update activemq to version 5.19.2-1.oe2403sp2.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | activemq | <= 5.19.2-1.oe2403sp2 | 5.19.2-1.oe2403sp2 |
Original title
activemq security update
Original description
The most popular and powerful open source messaging and Integration Patterns server.
Security Fix(es):
A vulnerability classified as problematic has been found in Apache ActiveMQ (Application Server Software). CWE is classifying the issue as CWE-190. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. This is going to have an impact on integrity and availability. Upgrading to version 5.19.2, 6.1.9 or 6.2.1 eliminates this vulnerability. (CVE-2025-66168)
- https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA... Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-66168 Vendor Advisory
Published: 15 Mar 2026 · Updated: 15 Mar 2026 · First seen: 15 Mar 2026