Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Apache ActiveMQ Integer Overflow Risk, Upgrading Recommended
OESA-2026-1607
Summary
Apache ActiveMQ's software has a bug that could cause it to mismanage resources or crash. This could lead to data loss or system downtime. To fix this, update to version 5.19.2, 6.1.9, or 6.2.1.
What to do
- Update activemq to version 5.19.2-1.oe2403sp1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | activemq | <= 5.19.2-1.oe2403sp1 | 5.19.2-1.oe2403sp1 |
Original title
activemq security update
Original description
The most popular and powerful open source messaging and Integration Patterns server.
Security Fix(es):
A vulnerability classified as problematic has been found in Apache ActiveMQ (Application Server Software).CWE is classifying the issue as CWE-190. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.This is going to have an impact on integrity, and availability.Upgrading to version 5.19.2, 6.1.9 or 6.2.1 eliminates this vulnerability.(CVE-2025-66168)
Security Fix(es):
A vulnerability classified as problematic has been found in Apache ActiveMQ (Application Server Software).CWE is classifying the issue as CWE-190. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.This is going to have an impact on integrity, and availability.Upgrading to version 5.19.2, 6.1.9 or 6.2.1 eliminates this vulnerability.(CVE-2025-66168)
- https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA... Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-66168 Vendor Advisory
Published: 15 Mar 2026 · Updated: 15 Mar 2026 · First seen: 15 Mar 2026