vulnerability
Red Hat JBoss EAP: CVE-2025-27391: Insertion of Sensitive Information into Log File
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:C/I:N/A:N) | Apr 9, 2025 | Apr 11, 2025 | Nov 26, 2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:C/I:N/A:N)
Published
Apr 9, 2025
Added
Apr 11, 2025
Modified
Nov 26, 2025
Description
Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled.
This issue affects Apache ActiveMQ Artemis: from 1.5.1 before 2.40.0. It can be mitigated by restricting log access to only trusted users.
Users are recommended to upgrade to version 2.40.0, which fixes the issue.. A flaw was found in Apache ActiveMQ Artemis. This vulnerability allows an attacker with access to debug logs to obtain sensitive configuration information via debug-level logging of broker properties.
This issue affects Apache ActiveMQ Artemis: from 1.5.1 before 2.40.0. It can be mitigated by restricting log access to only trusted users.
Users are recommended to upgrade to version 2.40.0, which fixes the issue.. A flaw was found in Apache ActiveMQ Artemis. This vulnerability allows an attacker with access to debug logs to obtain sensitive configuration information via debug-level logging of broker properties.
Solution
red-hat-jboss-eap-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.