{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Medium" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"activemq security update", "category":"general", "title":"Synopsis" }, { "text":"An update for activemq is now available for openEuler-24.03-LTS-SP3", "category":"general", "title":"Summary" }, { "text":"The most popular and powerful open source messaging and Integration Patterns server.\n\nSecurity Fix(es):\n\nA vulnerability classified as problematic has been found in Apache ActiveMQ (Application Server Software).CWE is classifying the issue as CWE-190. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.This is going to have an impact on integrity, and availability.Upgrading to version 5.19.2, 6.1.9 or 6.2.1 eliminates this vulnerability.(CVE-2025-66168)", "category":"general", "title":"Description" }, { "text":"An update for activemq is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2/openEuler-24.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Medium", "category":"general", "title":"Severity" }, { "text":"activemq", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-1609", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1609" }, { "summary":"CVE-2025-66168", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-66168&packageName=activemq" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66168" }, { "summary":"openEuler-SA-2026-1609 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1609.json" } ], "title":"An update for activemq is now available for openEuler-24.03-LTS-SP3", "tracking":{ "initial_release_date":"2026-03-15T13:56:28+08:00", "revision_history":[ { "date":"2026-03-15T13:56:28+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-03-15T13:56:28+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-03-15T13:56:28+08:00", "id":"openEuler-SA-2026-1609", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openEuler-24.03-LTS-SP3", "name":"openEuler-24.03-LTS-SP3" }, "name":"openEuler-24.03-LTS-SP3", "category":"product_version" } ], "category":"product_name" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"activemq-5.19.2-1.oe2403sp3.noarch.rpm", "name":"activemq-5.19.2-1.oe2403sp3.noarch.rpm" }, "name":"activemq-5.19.2-1.oe2403sp3.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"activemq-javadoc-5.19.2-1.oe2403sp3.noarch.rpm", "name":"activemq-javadoc-5.19.2-1.oe2403sp3.noarch.rpm" }, "name":"activemq-javadoc-5.19.2-1.oe2403sp3.noarch.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"activemq-5.19.2-1.oe2403sp3.src.rpm", "name":"activemq-5.19.2-1.oe2403sp3.src.rpm" }, "name":"activemq-5.19.2-1.oe2403sp3.src.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"activemq-5.19.2-1.oe2403sp3.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:activemq-5.19.2-1.oe2403sp3.noarch", "name":"activemq-5.19.2-1.oe2403sp3.noarch as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"activemq-javadoc-5.19.2-1.oe2403sp3.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:activemq-javadoc-5.19.2-1.oe2403sp3.noarch", "name":"activemq-javadoc-5.19.2-1.oe2403sp3.noarch as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"activemq-5.19.2-1.oe2403sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:activemq-5.19.2-1.oe2403sp3.src", "name":"activemq-5.19.2-1.oe2403sp3.src as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-66168", "notes":[ { "text":"A vulnerability classified as problematic has been found in Apache ActiveMQ (Application Server Software).CWE is classifying the issue as CWE-190. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.This is going to have an impact on integrity, and availability.Upgrading to version 5.19.2, 6.1.9 or 6.2.1 eliminates this vulnerability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:activemq-5.19.2-1.oe2403sp3.noarch", "openEuler-24.03-LTS-SP3:activemq-javadoc-5.19.2-1.oe2403sp3.noarch", "openEuler-24.03-LTS-SP3:activemq-5.19.2-1.oe2403sp3.src" ] }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"activemq security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1609" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.4, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-66168" } ] }