CVE-2025-66168
PUBLISHED
CVSS 9.3 CRITICAL
Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated
EPSS 0.08% · 22.8th percentile
Risk Scores
CVSS v4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.08%
22.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | activemq | 0, 6.0.0, 6.2.0 |
| Bitnami | activemq | 6.0.0, 6.2.0, 0 |
Timeline
- Mar 3, 2026 PoC Published
- Mar 4, 2026 CVE Published
- Mar 4, 2026 EPSS Score
- Mar 5, 2026 EPSS Score
- Mar 6, 2026 EPSS Score
- Mar 6, 2026 PoC Published
- Mar 6, 2026 PoC Published
- Mar 6, 2026 PoC Published
- Mar 6, 2026 PoC Published
- Mar 8, 2026 EPSS Score
- Mar 9, 2026 EPSS Score
- Mar 10, 2026 EPSS Score
References
- http://www.openwall.com/lists/oss-security/2026/03/03/5
- https://lists.apache.org/thread/13n8mkrb2jf2y6yyhpgrkmpqcm7djyto
- https://nvd.nist.gov/vuln/detail/CVE-2025-66168
- https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt
- https://www.cve.org/CVERecord?id=CVE-2026-40046