Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-4057 (GCVE-0-2025-4057)
Vulnerability from cvelistv5 – Published: 2025-05-26 08:53 – Updated: 2025-11-20 20:48
VLAI
EPSS
Title
Activemq-artemis-operator: amq broker operator starting credentials reuse
Summary
A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1391 - Use of Weak Credentials
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2025:12355 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2025:12473 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2025:8147 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2025-4057 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2362827 | issue-trackingx_refsource_REDHAT |
| https://github.com/arkmq-org/activemq-artemis-ope… | |
| https://github.com/arkmq-org/activemq-artemis-ope… |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
0 , < 2.0.3
(semver)
|
|||
| Red Hat | AMQ Broker 7.13.0.OPR.1.GA |
cpe:/a:redhat:rhosemc:1.0::el9 |
|
| Red Hat | Red Hat AMQ Broker 7.12.5 |
cpe:/a:redhat:amq_broker:7.12 |
|
| Red Hat | RHEL-8 based Middleware Containers |
Unaffected:
7.12.5-2 , < *
(rpm)
cpe:/a:redhat:rhosemc:1.0::el8 |
Date Public
2025-05-21 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4057",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T14:25:10.764022Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T14:25:16.197Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/arkmq-org/activemq-artemis-operator",
"defaultStatus": "unaffected",
"packageName": "activemq-artemis-operator",
"versions": [
{
"lessThan": "2.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el9"
],
"defaultStatus": "unaffected",
"packageName": "activemq-artemis-operator",
"product": "AMQ Broker 7.13.0.OPR.1.GA",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:amq_broker:7.12"
],
"defaultStatus": "unaffected",
"packageName": "activemq-artemis-operator",
"product": "Red Hat AMQ Broker 7.12.5",
"vendor": "Red Hat"
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"defaultStatus": "affected",
"packageName": "amq7/amq-broker-init-rhel8",
"product": "RHEL-8 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.12.5-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"defaultStatus": "affected",
"packageName": "amq7/amq-broker-rhel8",
"product": "RHEL-8 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.12.5-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"defaultStatus": "affected",
"packageName": "amq7/amq-broker-rhel8-operator",
"product": "RHEL-8 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.12.5-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"defaultStatus": "affected",
"packageName": "amq7/amq-broker-rhel8-operator-bundle",
"product": "RHEL-8 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.12.5-2",
"versionType": "rpm"
}
]
}
],
"datePublic": "2025-05-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T20:48:35.847Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:12355",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:12355"
},
{
"name": "RHSA-2025:12473",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:12473"
},
{
"name": "RHSA-2025:8147",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:8147"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-4057"
},
{
"name": "RHBZ#2362827",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362827"
},
{
"url": "https://github.com/arkmq-org/activemq-artemis-operator/commit/d3482fab6d0060794226c9e5a6fa67d209abc35a"
},
{
"url": "https://github.com/arkmq-org/activemq-artemis-operator/issues/1130"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-29T02:06:56.641Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-05-21T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Activemq-artemis-operator: amq broker operator starting credentials reuse",
"workarounds": [
{
"lang": "en",
"value": "Currently, no mitigation is available for this vulnerability."
}
],
"x_redhatCweChain": "CWE-1391: Use of Weak Credentials"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-4057",
"datePublished": "2025-05-26T08:53:04.340Z",
"dateReserved": "2025-04-29T02:11:18.656Z",
"dateUpdated": "2025-11-20T20:48:35.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-4057",
"date": "2026-06-20",
"epss": "0.00148",
"percentile": "0.04318"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-4057\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2025-05-26T10:15:21.437\",\"lastModified\":\"2025-07-31T20:15:43.123\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 una falla en ActiveMQ Artemis. La contrase\u00f1a generada por activemq-artemis-operator no se regenera entre dependencias CR separadas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1391\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2025:12355\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:12473\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:8147\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2025-4057\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2362827\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/arkmq-org/activemq-artemis-operator/commit/d3482fab6d0060794226c9e5a6fa67d209abc35a\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/arkmq-org/activemq-artemis-operator/issues/1130\",\"source\":\"secalert@redhat.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-4057\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-27T14:25:10.764022Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-27T14:25:13.582Z\"}}], \"cna\": {\"title\": \"Activemq-artemis-operator: amq broker operator starting credentials reuse\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.0.3\", \"versionType\": \"semver\"}], \"packageName\": \"activemq-artemis-operator\", \"collectionURL\": \"https://github.com/arkmq-org/activemq-artemis-operator\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:rhosemc:1.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"AMQ Broker 7.13.0.OPR.1.GA\", \"packageName\": \"activemq-artemis-operator\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_broker:7.12\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AMQ Broker 7.12.5\", \"packageName\": \"activemq-artemis-operator\", \"collectionURL\": \"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:rhosemc:1.0::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHEL-8 based Middleware Containers\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"7.12.5-2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"amq7/amq-broker-init-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhosemc:1.0::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHEL-8 based Middleware Containers\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"7.12.5-2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"amq7/amq-broker-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhosemc:1.0::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHEL-8 based Middleware Containers\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"7.12.5-2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"amq7/amq-broker-rhel8-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhosemc:1.0::el8\"], \"vendor\": \"Red Hat\", \"product\": \"RHEL-8 based Middleware Containers\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"7.12.5-2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"amq7/amq-broker-rhel8-operator-bundle\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-04-29T02:06:56.641Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2025-05-21T00:00:00.000Z\", \"value\": \"Made public.\"}], \"datePublic\": \"2025-05-21T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2025:12355\", \"name\": \"RHSA-2025:12355\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:12473\", \"name\": \"RHSA-2025:12473\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:8147\", \"name\": \"RHSA-2025:8147\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2025-4057\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2362827\", \"name\": \"RHBZ#2362827\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://github.com/arkmq-org/activemq-artemis-operator/commit/d3482fab6d0060794226c9e5a6fa67d209abc35a\"}, {\"url\": \"https://github.com/arkmq-org/activemq-artemis-operator/issues/1130\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Currently, no mitigation is available for this vulnerability.\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1391\", \"description\": \"Use of Weak Credentials\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-11-20T20:48:35.847Z\"}, \"x_redhatCweChain\": \"CWE-1391: Use of Weak Credentials\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-4057\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-20T20:48:35.847Z\", \"dateReserved\": \"2025-04-29T02:11:18.656Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2025-05-26T08:53:04.340Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2025-4057
Vulnerability from fkie_nvd - Published: 2025-05-26 10:15 - Updated: 2026-06-17 09:32
Severity
Summary
A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"affected": [
{
"affectedData": [
{
"collectionURL": "https://github.com/arkmq-org/activemq-artemis-operator",
"defaultStatus": "unaffected",
"packageName": "activemq-artemis-operator",
"versions": [
{
"lessThan": "2.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el9"
],
"defaultStatus": "unaffected",
"packageName": "activemq-artemis-operator",
"product": "AMQ Broker 7.13.0.OPR.1.GA",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:amq_broker:7.12"
],
"defaultStatus": "unaffected",
"packageName": "activemq-artemis-operator",
"product": "Red Hat AMQ Broker 7.12.5",
"vendor": "Red Hat"
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"defaultStatus": "affected",
"packageName": "amq7/amq-broker-init-rhel8",
"product": "RHEL-8 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.12.5-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"defaultStatus": "affected",
"packageName": "amq7/amq-broker-rhel8",
"product": "RHEL-8 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.12.5-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"defaultStatus": "affected",
"packageName": "amq7/amq-broker-rhel8-operator",
"product": "RHEL-8 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.12.5-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"defaultStatus": "affected",
"packageName": "amq7/amq-broker-rhel8-operator-bundle",
"product": "RHEL-8 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.12.5-2",
"versionType": "rpm"
}
]
}
],
"source": "secalert@redhat.com"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies."
},
{
"lang": "es",
"value": "Se detect\u00f3 una falla en ActiveMQ Artemis. La contrase\u00f1a generada por activemq-artemis-operator no se regenera entre dependencias CR separadas."
}
],
"id": "CVE-2025-4057",
"lastModified": "2026-06-17T09:32:24.307",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2025-4057",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T14:25:10.764022Z",
"version": "2.0.3"
}
}
]
},
"published": "2025-05-26T10:15:21.437",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:12355"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:12473"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:8147"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/security/cve/CVE-2025-4057"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362827"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/arkmq-org/activemq-artemis-operator/commit/d3482fab6d0060794226c9e5a6fa67d209abc35a"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/arkmq-org/activemq-artemis-operator/issues/1130"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1391"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
}
GHSA-Q5Q7-8X6X-HCG2
Vulnerability from github – Published: 2025-05-26 12:30 – Updated: 2025-07-31 21:31
VLAI
Summary
ActiveMQ Artemis AMQ Broker Operator Starting Credentials Reuse
Details
A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies.
Severity
5.5 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/arkmq-org/activemq-artemis-operator"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.0.0-20250418141202-b262048e6a75"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-4057"
],
"database_specific": {
"cwe_ids": [
"CWE-1391"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-27T22:50:22Z",
"nvd_published_at": "2025-05-26T10:15:21Z",
"severity": "MODERATE"
},
"details": "A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies.",
"id": "GHSA-q5q7-8x6x-hcg2",
"modified": "2025-07-31T21:31:32Z",
"published": "2025-05-26T12:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4057"
},
{
"type": "WEB",
"url": "https://github.com/arkmq-org/activemq-artemis-operator/issues/1130"
},
{
"type": "WEB",
"url": "https://github.com/arkmq-org/activemq-artemis-operator/commit/d3482fab6d0060794226c9e5a6fa67d209abc35a"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:12355"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:12473"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:8147"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-4057"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362827"
},
{
"type": "PACKAGE",
"url": "https://github.com/arkmq-org/activemq-artemis-operator"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "ActiveMQ Artemis AMQ Broker Operator Starting Credentials Reuse"
}
OPENSUSE-SU-2025:15188-1
Vulnerability from csaf_opensuse - Published: 2025-06-01 00:00 - Updated: 2025-06-01 00:00Summary
govulncheck-vulndb-0.0.20250529T205903-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: govulncheck-vulndb-0.0.20250529T205903-1.1 on GA media
Description of the patch: These are all security issues fixed in the govulncheck-vulndb-0.0.20250529T205903-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15188
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.2 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.1 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "govulncheck-vulndb-0.0.20250529T205903-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the govulncheck-vulndb-0.0.20250529T205903-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15188",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15188-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:15188-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5W5NDYFJCKVTB2UYZO6OSRFA7RGWGHY3/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:15188-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5W5NDYFJCKVTB2UYZO6OSRFA7RGWGHY3/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4057 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47933 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47952 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47952/"
}
],
"title": "govulncheck-vulndb-0.0.20250529T205903-1.1 on GA media",
"tracking": {
"current_release_date": "2025-06-01T00:00:00Z",
"generator": {
"date": "2025-06-01T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15188-1",
"initial_release_date": "2025-06-01T00:00:00Z",
"revision_history": [
{
"date": "2025-06-01T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
"product": {
"name": "govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
"product_id": "govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
"product": {
"name": "govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
"product_id": "govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
"product": {
"name": "govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
"product_id": "govulncheck-vulndb-0.0.20250529T205903-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64",
"product": {
"name": "govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64",
"product_id": "govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64"
},
"product_reference": "govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le"
},
"product_reference": "govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250529T205903-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x"
},
"product_reference": "govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
},
"product_reference": "govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4057"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4057",
"url": "https://www.suse.com/security/cve/CVE-2025-4057"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-01T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-4057"
},
{
"cve": "CVE-2025-47933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47933"
}
],
"notes": [
{
"category": "general",
"text": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve cross-site scripting with permission to edit the repository. This issue has been patched in versions 2.13.8, 2.14.13, and 3.0.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47933",
"url": "https://www.suse.com/security/cve/CVE-2025-47933"
},
{
"category": "external",
"summary": "SUSE Bug 1243791 for CVE-2025-47933",
"url": "https://bugzilla.suse.com/1243791"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-01T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-47933"
},
{
"cve": "CVE-2025-47952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47952"
}
],
"notes": [
{
"category": "general",
"text": "Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a URL encoded string in its path, it\u0027s possible to target a backend, exposed using another router, by-passing the middlewares chain. This issue has been patched in versions 2.11.25 and 3.4.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47952",
"url": "https://www.suse.com/security/cve/CVE-2025-47952"
},
{
"category": "external",
"summary": "SUSE Bug 1243818 for CVE-2025-47952",
"url": "https://bugzilla.suse.com/1243818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-01T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-47952"
}
]
}
RHSA-2025:12355
Vulnerability from csaf_redhat - Published: 2025-07-31 11:18 - Updated: 2026-03-18 03:03Summary
Red Hat Security Advisory: AMQ Broker 7.12.5.OPR.1.GA Container Images release and security update
Severity
Moderate
Notes
Topic: This is the multiarch release of the AMQ Broker 7.12.5 aligned Operator and associated container images on Red Hat Enterprise Linux for the OpenShift Container Platform.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Middleware for OpenShift provides images for many of the Red Hat Middleware products for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments.
This release of Red Hat AMQ Broker 7.12.5 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* (CVE-2025-4057) activemq-artemis-operator: AMQ Broker Operator Starting Credentials Reuse
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
For information on supported configurations, see Red Hat AMQ Broker 7 Supported Configurations at https://access.redhat.com/articles/2791941
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies.
5.5 (Medium)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-Middleware:amq7/amq-broker-init-rhel8@sha256:95e49d60d2431facee201ee37fd3766854c3f39a6bc92d0cfa51cde20f970c6d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:amq7/amq-broker-init-rhel8@sha256:a31c87b93441f27603e5672b5b951779bc965e68b471caaf70a52c12255268a7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:amq7/amq-broker-init-rhel8@sha256:bc23a019eea3ea16eae26ffd5d6e13e35cefe602a199075ff8fb4d350cbab974_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:amq7/amq-broker-init-rhel8@sha256:bfcc8f35ef2f398a87f322ad361dcfe4bf5c7aaccfaf89a4e688c45a72cd74e9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator-bundle@sha256:70a388147b14f191da563b33759c985efe9cc98ed9a4d94b92b94f0199ad9af6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator@sha256:0943624823b5ea2a95ad39c090a97515e8bd577bf901d6ef31724b992031ceb6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator@sha256:3aee3c97d5a5d9b54e161aa669e7e9b3da7745a8e3b9d86bf711bd3349c4f558_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator@sha256:aaf54806151be114a2a5fe119f231a2cc04439b4b800045695c444a392ca2f4e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator@sha256:aee189bb82d82d8cec5be445e5d986e7b03b4949e0b055475d0d99c3f72af4c9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:amq7/amq-broker-rhel8@sha256:5832f54db15d3cf5dcc345e939ad1a5710a81ef6c5b0ba2f4d9e7b05970e5981_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:amq7/amq-broker-rhel8@sha256:676fe91b093b92ef26d08218b740c6979fa4d2ef8dd57b6586b2f9c1dcb4eb13_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:amq7/amq-broker-rhel8@sha256:ade15c37015c8cdd2df00ea264dd791ca3677745cd217e19bbd2b7db3acc4d6a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-Middleware:amq7/amq-broker-rhel8@sha256:e183277b7d15b414db4cf44c2f8e367d79b01dbe31882b8eb790bf34a2ba3191_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "This is the multiarch release of the AMQ Broker 7.12.5 aligned Operator and associated container images on Red Hat Enterprise Linux for the OpenShift Container Platform.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Middleware for OpenShift provides images for many of the Red Hat Middleware products for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments.\n\nThis release of Red Hat AMQ Broker 7.12.5 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* (CVE-2025-4057) activemq-artemis-operator: AMQ Broker Operator Starting Credentials Reuse\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nFor information on supported configurations, see Red Hat AMQ Broker 7 Supported Configurations at https://access.redhat.com/articles/2791941",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:12355",
"url": "https://access.redhat.com/errata/RHSA-2025:12355"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification#moderate",
"url": "https://access.redhat.com/security/updates/classification#moderate"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_amq_broker/",
"url": "https://docs.redhat.com/en/documentation/red_hat_amq_broker/"
},
{
"category": "external",
"summary": "2362827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362827"
},
{
"category": "external",
"summary": "ENTMQBR-9820",
"url": "https://issues.redhat.com/browse/ENTMQBR-9820"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_12355.json"
}
],
"title": "Red Hat Security Advisory: AMQ Broker 7.12.5.OPR.1.GA Container Images release and security update",
"tracking": {
"current_release_date": "2026-03-18T03:03:29+00:00",
"generator": {
"date": "2026-03-18T03:03:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:12355",
"initial_release_date": "2025-07-31T11:18:34+00:00",
"revision_history": [
{
"date": "2025-07-31T11:18:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-31T11:18:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T03:03:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Middleware Containers for OpenShift",
"product": {
"name": "Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhosemc:1.0::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "amq7/amq-broker-init-rhel8@sha256:bc23a019eea3ea16eae26ffd5d6e13e35cefe602a199075ff8fb4d350cbab974_arm64",
"product": {
"name": "amq7/amq-broker-init-rhel8@sha256:bc23a019eea3ea16eae26ffd5d6e13e35cefe602a199075ff8fb4d350cbab974_arm64",
"product_id": "amq7/amq-broker-init-rhel8@sha256:bc23a019eea3ea16eae26ffd5d6e13e35cefe602a199075ff8fb4d350cbab974_arm64",
"product_identification_helper": {
"purl": "pkg:oci/amq-broker-init-rhel8@sha256:bc23a019eea3ea16eae26ffd5d6e13e35cefe602a199075ff8fb4d350cbab974?arch=arm64\u0026repository_url=registry.redhat.io/amq7/amq-broker-init-rhel8\u0026tag=7.12.5-2"
}
}
},
{
"category": "product_version",
"name": "amq7/amq-broker-rhel8@sha256:676fe91b093b92ef26d08218b740c6979fa4d2ef8dd57b6586b2f9c1dcb4eb13_arm64",
"product": {
"name": "amq7/amq-broker-rhel8@sha256:676fe91b093b92ef26d08218b740c6979fa4d2ef8dd57b6586b2f9c1dcb4eb13_arm64",
"product_id": "amq7/amq-broker-rhel8@sha256:676fe91b093b92ef26d08218b740c6979fa4d2ef8dd57b6586b2f9c1dcb4eb13_arm64",
"product_identification_helper": {
"purl": "pkg:oci/amq-broker-rhel8@sha256:676fe91b093b92ef26d08218b740c6979fa4d2ef8dd57b6586b2f9c1dcb4eb13?arch=arm64\u0026repository_url=registry.redhat.io/amq7/amq-broker-rhel8\u0026tag=7.12.5-2"
}
}
},
{
"category": "product_version",
"name": "amq7/amq-broker-rhel8-operator@sha256:aee189bb82d82d8cec5be445e5d986e7b03b4949e0b055475d0d99c3f72af4c9_arm64",
"product": {
"name": "amq7/amq-broker-rhel8-operator@sha256:aee189bb82d82d8cec5be445e5d986e7b03b4949e0b055475d0d99c3f72af4c9_arm64",
"product_id": "amq7/amq-broker-rhel8-operator@sha256:aee189bb82d82d8cec5be445e5d986e7b03b4949e0b055475d0d99c3f72af4c9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/amq-broker-rhel8-operator@sha256:aee189bb82d82d8cec5be445e5d986e7b03b4949e0b055475d0d99c3f72af4c9?arch=arm64\u0026repository_url=registry.redhat.io/amq7/amq-broker-rhel8-operator\u0026tag=7.12.5-2"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "amq7/amq-broker-init-rhel8@sha256:a31c87b93441f27603e5672b5b951779bc965e68b471caaf70a52c12255268a7_amd64",
"product": {
"name": "amq7/amq-broker-init-rhel8@sha256:a31c87b93441f27603e5672b5b951779bc965e68b471caaf70a52c12255268a7_amd64",
"product_id": "amq7/amq-broker-init-rhel8@sha256:a31c87b93441f27603e5672b5b951779bc965e68b471caaf70a52c12255268a7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/amq-broker-init-rhel8@sha256:a31c87b93441f27603e5672b5b951779bc965e68b471caaf70a52c12255268a7?arch=amd64\u0026repository_url=registry.redhat.io/amq7/amq-broker-init-rhel8\u0026tag=7.12.5-2"
}
}
},
{
"category": "product_version",
"name": "amq7/amq-broker-rhel8@sha256:ade15c37015c8cdd2df00ea264dd791ca3677745cd217e19bbd2b7db3acc4d6a_amd64",
"product": {
"name": "amq7/amq-broker-rhel8@sha256:ade15c37015c8cdd2df00ea264dd791ca3677745cd217e19bbd2b7db3acc4d6a_amd64",
"product_id": "amq7/amq-broker-rhel8@sha256:ade15c37015c8cdd2df00ea264dd791ca3677745cd217e19bbd2b7db3acc4d6a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/amq-broker-rhel8@sha256:ade15c37015c8cdd2df00ea264dd791ca3677745cd217e19bbd2b7db3acc4d6a?arch=amd64\u0026repository_url=registry.redhat.io/amq7/amq-broker-rhel8\u0026tag=7.12.5-2"
}
}
},
{
"category": "product_version",
"name": "amq7/amq-broker-rhel8-operator-bundle@sha256:70a388147b14f191da563b33759c985efe9cc98ed9a4d94b92b94f0199ad9af6_amd64",
"product": {
"name": "amq7/amq-broker-rhel8-operator-bundle@sha256:70a388147b14f191da563b33759c985efe9cc98ed9a4d94b92b94f0199ad9af6_amd64",
"product_id": "amq7/amq-broker-rhel8-operator-bundle@sha256:70a388147b14f191da563b33759c985efe9cc98ed9a4d94b92b94f0199ad9af6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/amq-broker-rhel8-operator-bundle@sha256:70a388147b14f191da563b33759c985efe9cc98ed9a4d94b92b94f0199ad9af6?arch=amd64\u0026repository_url=registry.redhat.io/amq7/amq-broker-rhel8-operator-bundle\u0026tag=7.12.5-2"
}
}
},
{
"category": "product_version",
"name": "amq7/amq-broker-rhel8-operator@sha256:0943624823b5ea2a95ad39c090a97515e8bd577bf901d6ef31724b992031ceb6_amd64",
"product": {
"name": "amq7/amq-broker-rhel8-operator@sha256:0943624823b5ea2a95ad39c090a97515e8bd577bf901d6ef31724b992031ceb6_amd64",
"product_id": "amq7/amq-broker-rhel8-operator@sha256:0943624823b5ea2a95ad39c090a97515e8bd577bf901d6ef31724b992031ceb6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/amq-broker-rhel8-operator@sha256:0943624823b5ea2a95ad39c090a97515e8bd577bf901d6ef31724b992031ceb6?arch=amd64\u0026repository_url=registry.redhat.io/amq7/amq-broker-rhel8-operator\u0026tag=7.12.5-2"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "amq7/amq-broker-init-rhel8@sha256:bfcc8f35ef2f398a87f322ad361dcfe4bf5c7aaccfaf89a4e688c45a72cd74e9_ppc64le",
"product": {
"name": "amq7/amq-broker-init-rhel8@sha256:bfcc8f35ef2f398a87f322ad361dcfe4bf5c7aaccfaf89a4e688c45a72cd74e9_ppc64le",
"product_id": "amq7/amq-broker-init-rhel8@sha256:bfcc8f35ef2f398a87f322ad361dcfe4bf5c7aaccfaf89a4e688c45a72cd74e9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/amq-broker-init-rhel8@sha256:bfcc8f35ef2f398a87f322ad361dcfe4bf5c7aaccfaf89a4e688c45a72cd74e9?arch=ppc64le\u0026repository_url=registry.redhat.io/amq7/amq-broker-init-rhel8\u0026tag=7.12.5-2"
}
}
},
{
"category": "product_version",
"name": "amq7/amq-broker-rhel8@sha256:e183277b7d15b414db4cf44c2f8e367d79b01dbe31882b8eb790bf34a2ba3191_ppc64le",
"product": {
"name": "amq7/amq-broker-rhel8@sha256:e183277b7d15b414db4cf44c2f8e367d79b01dbe31882b8eb790bf34a2ba3191_ppc64le",
"product_id": "amq7/amq-broker-rhel8@sha256:e183277b7d15b414db4cf44c2f8e367d79b01dbe31882b8eb790bf34a2ba3191_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/amq-broker-rhel8@sha256:e183277b7d15b414db4cf44c2f8e367d79b01dbe31882b8eb790bf34a2ba3191?arch=ppc64le\u0026repository_url=registry.redhat.io/amq7/amq-broker-rhel8\u0026tag=7.12.5-2"
}
}
},
{
"category": "product_version",
"name": "amq7/amq-broker-rhel8-operator@sha256:aaf54806151be114a2a5fe119f231a2cc04439b4b800045695c444a392ca2f4e_ppc64le",
"product": {
"name": "amq7/amq-broker-rhel8-operator@sha256:aaf54806151be114a2a5fe119f231a2cc04439b4b800045695c444a392ca2f4e_ppc64le",
"product_id": "amq7/amq-broker-rhel8-operator@sha256:aaf54806151be114a2a5fe119f231a2cc04439b4b800045695c444a392ca2f4e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/amq-broker-rhel8-operator@sha256:aaf54806151be114a2a5fe119f231a2cc04439b4b800045695c444a392ca2f4e?arch=ppc64le\u0026repository_url=registry.redhat.io/amq7/amq-broker-rhel8-operator\u0026tag=7.12.5-2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "amq7/amq-broker-init-rhel8@sha256:95e49d60d2431facee201ee37fd3766854c3f39a6bc92d0cfa51cde20f970c6d_s390x",
"product": {
"name": "amq7/amq-broker-init-rhel8@sha256:95e49d60d2431facee201ee37fd3766854c3f39a6bc92d0cfa51cde20f970c6d_s390x",
"product_id": "amq7/amq-broker-init-rhel8@sha256:95e49d60d2431facee201ee37fd3766854c3f39a6bc92d0cfa51cde20f970c6d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/amq-broker-init-rhel8@sha256:95e49d60d2431facee201ee37fd3766854c3f39a6bc92d0cfa51cde20f970c6d?arch=s390x\u0026repository_url=registry.redhat.io/amq7/amq-broker-init-rhel8\u0026tag=7.12.5-2"
}
}
},
{
"category": "product_version",
"name": "amq7/amq-broker-rhel8@sha256:5832f54db15d3cf5dcc345e939ad1a5710a81ef6c5b0ba2f4d9e7b05970e5981_s390x",
"product": {
"name": "amq7/amq-broker-rhel8@sha256:5832f54db15d3cf5dcc345e939ad1a5710a81ef6c5b0ba2f4d9e7b05970e5981_s390x",
"product_id": "amq7/amq-broker-rhel8@sha256:5832f54db15d3cf5dcc345e939ad1a5710a81ef6c5b0ba2f4d9e7b05970e5981_s390x",
"product_identification_helper": {
"purl": "pkg:oci/amq-broker-rhel8@sha256:5832f54db15d3cf5dcc345e939ad1a5710a81ef6c5b0ba2f4d9e7b05970e5981?arch=s390x\u0026repository_url=registry.redhat.io/amq7/amq-broker-rhel8\u0026tag=7.12.5-2"
}
}
},
{
"category": "product_version",
"name": "amq7/amq-broker-rhel8-operator@sha256:3aee3c97d5a5d9b54e161aa669e7e9b3da7745a8e3b9d86bf711bd3349c4f558_s390x",
"product": {
"name": "amq7/amq-broker-rhel8-operator@sha256:3aee3c97d5a5d9b54e161aa669e7e9b3da7745a8e3b9d86bf711bd3349c4f558_s390x",
"product_id": "amq7/amq-broker-rhel8-operator@sha256:3aee3c97d5a5d9b54e161aa669e7e9b3da7745a8e3b9d86bf711bd3349c4f558_s390x",
"product_identification_helper": {
"purl": "pkg:oci/amq-broker-rhel8-operator@sha256:3aee3c97d5a5d9b54e161aa669e7e9b3da7745a8e3b9d86bf711bd3349c4f558?arch=s390x\u0026repository_url=registry.redhat.io/amq7/amq-broker-rhel8-operator\u0026tag=7.12.5-2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "amq7/amq-broker-init-rhel8@sha256:95e49d60d2431facee201ee37fd3766854c3f39a6bc92d0cfa51cde20f970c6d_s390x as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:amq7/amq-broker-init-rhel8@sha256:95e49d60d2431facee201ee37fd3766854c3f39a6bc92d0cfa51cde20f970c6d_s390x"
},
"product_reference": "amq7/amq-broker-init-rhel8@sha256:95e49d60d2431facee201ee37fd3766854c3f39a6bc92d0cfa51cde20f970c6d_s390x",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amq7/amq-broker-init-rhel8@sha256:a31c87b93441f27603e5672b5b951779bc965e68b471caaf70a52c12255268a7_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:amq7/amq-broker-init-rhel8@sha256:a31c87b93441f27603e5672b5b951779bc965e68b471caaf70a52c12255268a7_amd64"
},
"product_reference": "amq7/amq-broker-init-rhel8@sha256:a31c87b93441f27603e5672b5b951779bc965e68b471caaf70a52c12255268a7_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amq7/amq-broker-init-rhel8@sha256:bc23a019eea3ea16eae26ffd5d6e13e35cefe602a199075ff8fb4d350cbab974_arm64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:amq7/amq-broker-init-rhel8@sha256:bc23a019eea3ea16eae26ffd5d6e13e35cefe602a199075ff8fb4d350cbab974_arm64"
},
"product_reference": "amq7/amq-broker-init-rhel8@sha256:bc23a019eea3ea16eae26ffd5d6e13e35cefe602a199075ff8fb4d350cbab974_arm64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amq7/amq-broker-init-rhel8@sha256:bfcc8f35ef2f398a87f322ad361dcfe4bf5c7aaccfaf89a4e688c45a72cd74e9_ppc64le as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:amq7/amq-broker-init-rhel8@sha256:bfcc8f35ef2f398a87f322ad361dcfe4bf5c7aaccfaf89a4e688c45a72cd74e9_ppc64le"
},
"product_reference": "amq7/amq-broker-init-rhel8@sha256:bfcc8f35ef2f398a87f322ad361dcfe4bf5c7aaccfaf89a4e688c45a72cd74e9_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amq7/amq-broker-rhel8-operator-bundle@sha256:70a388147b14f191da563b33759c985efe9cc98ed9a4d94b92b94f0199ad9af6_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator-bundle@sha256:70a388147b14f191da563b33759c985efe9cc98ed9a4d94b92b94f0199ad9af6_amd64"
},
"product_reference": "amq7/amq-broker-rhel8-operator-bundle@sha256:70a388147b14f191da563b33759c985efe9cc98ed9a4d94b92b94f0199ad9af6_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amq7/amq-broker-rhel8-operator@sha256:0943624823b5ea2a95ad39c090a97515e8bd577bf901d6ef31724b992031ceb6_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator@sha256:0943624823b5ea2a95ad39c090a97515e8bd577bf901d6ef31724b992031ceb6_amd64"
},
"product_reference": "amq7/amq-broker-rhel8-operator@sha256:0943624823b5ea2a95ad39c090a97515e8bd577bf901d6ef31724b992031ceb6_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amq7/amq-broker-rhel8-operator@sha256:3aee3c97d5a5d9b54e161aa669e7e9b3da7745a8e3b9d86bf711bd3349c4f558_s390x as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator@sha256:3aee3c97d5a5d9b54e161aa669e7e9b3da7745a8e3b9d86bf711bd3349c4f558_s390x"
},
"product_reference": "amq7/amq-broker-rhel8-operator@sha256:3aee3c97d5a5d9b54e161aa669e7e9b3da7745a8e3b9d86bf711bd3349c4f558_s390x",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amq7/amq-broker-rhel8-operator@sha256:aaf54806151be114a2a5fe119f231a2cc04439b4b800045695c444a392ca2f4e_ppc64le as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator@sha256:aaf54806151be114a2a5fe119f231a2cc04439b4b800045695c444a392ca2f4e_ppc64le"
},
"product_reference": "amq7/amq-broker-rhel8-operator@sha256:aaf54806151be114a2a5fe119f231a2cc04439b4b800045695c444a392ca2f4e_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amq7/amq-broker-rhel8-operator@sha256:aee189bb82d82d8cec5be445e5d986e7b03b4949e0b055475d0d99c3f72af4c9_arm64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator@sha256:aee189bb82d82d8cec5be445e5d986e7b03b4949e0b055475d0d99c3f72af4c9_arm64"
},
"product_reference": "amq7/amq-broker-rhel8-operator@sha256:aee189bb82d82d8cec5be445e5d986e7b03b4949e0b055475d0d99c3f72af4c9_arm64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amq7/amq-broker-rhel8@sha256:5832f54db15d3cf5dcc345e939ad1a5710a81ef6c5b0ba2f4d9e7b05970e5981_s390x as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:amq7/amq-broker-rhel8@sha256:5832f54db15d3cf5dcc345e939ad1a5710a81ef6c5b0ba2f4d9e7b05970e5981_s390x"
},
"product_reference": "amq7/amq-broker-rhel8@sha256:5832f54db15d3cf5dcc345e939ad1a5710a81ef6c5b0ba2f4d9e7b05970e5981_s390x",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amq7/amq-broker-rhel8@sha256:676fe91b093b92ef26d08218b740c6979fa4d2ef8dd57b6586b2f9c1dcb4eb13_arm64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:amq7/amq-broker-rhel8@sha256:676fe91b093b92ef26d08218b740c6979fa4d2ef8dd57b6586b2f9c1dcb4eb13_arm64"
},
"product_reference": "amq7/amq-broker-rhel8@sha256:676fe91b093b92ef26d08218b740c6979fa4d2ef8dd57b6586b2f9c1dcb4eb13_arm64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amq7/amq-broker-rhel8@sha256:ade15c37015c8cdd2df00ea264dd791ca3677745cd217e19bbd2b7db3acc4d6a_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:amq7/amq-broker-rhel8@sha256:ade15c37015c8cdd2df00ea264dd791ca3677745cd217e19bbd2b7db3acc4d6a_amd64"
},
"product_reference": "amq7/amq-broker-rhel8@sha256:ade15c37015c8cdd2df00ea264dd791ca3677745cd217e19bbd2b7db3acc4d6a_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amq7/amq-broker-rhel8@sha256:e183277b7d15b414db4cf44c2f8e367d79b01dbe31882b8eb790bf34a2ba3191_ppc64le as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:amq7/amq-broker-rhel8@sha256:e183277b7d15b414db4cf44c2f8e367d79b01dbe31882b8eb790bf34a2ba3191_ppc64le"
},
"product_reference": "amq7/amq-broker-rhel8@sha256:e183277b7d15b414db4cf44c2f8e367d79b01dbe31882b8eb790bf34a2ba3191_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4057",
"cwe": {
"id": "CWE-1391",
"name": "Use of Weak Credentials"
},
"discovery_date": "2025-04-29T02:06:56.641000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362827"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "activemq-artemis-operator: AMQ Broker Operator Starting Credentials Reuse",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-Middleware:amq7/amq-broker-init-rhel8@sha256:95e49d60d2431facee201ee37fd3766854c3f39a6bc92d0cfa51cde20f970c6d_s390x",
"8Base-RHOSE-Middleware:amq7/amq-broker-init-rhel8@sha256:a31c87b93441f27603e5672b5b951779bc965e68b471caaf70a52c12255268a7_amd64",
"8Base-RHOSE-Middleware:amq7/amq-broker-init-rhel8@sha256:bc23a019eea3ea16eae26ffd5d6e13e35cefe602a199075ff8fb4d350cbab974_arm64",
"8Base-RHOSE-Middleware:amq7/amq-broker-init-rhel8@sha256:bfcc8f35ef2f398a87f322ad361dcfe4bf5c7aaccfaf89a4e688c45a72cd74e9_ppc64le",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator-bundle@sha256:70a388147b14f191da563b33759c985efe9cc98ed9a4d94b92b94f0199ad9af6_amd64",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator@sha256:0943624823b5ea2a95ad39c090a97515e8bd577bf901d6ef31724b992031ceb6_amd64",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator@sha256:3aee3c97d5a5d9b54e161aa669e7e9b3da7745a8e3b9d86bf711bd3349c4f558_s390x",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator@sha256:aaf54806151be114a2a5fe119f231a2cc04439b4b800045695c444a392ca2f4e_ppc64le",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator@sha256:aee189bb82d82d8cec5be445e5d986e7b03b4949e0b055475d0d99c3f72af4c9_arm64",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8@sha256:5832f54db15d3cf5dcc345e939ad1a5710a81ef6c5b0ba2f4d9e7b05970e5981_s390x",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8@sha256:676fe91b093b92ef26d08218b740c6979fa4d2ef8dd57b6586b2f9c1dcb4eb13_arm64",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8@sha256:ade15c37015c8cdd2df00ea264dd791ca3677745cd217e19bbd2b7db3acc4d6a_amd64",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8@sha256:e183277b7d15b414db4cf44c2f8e367d79b01dbe31882b8eb790bf34a2ba3191_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4057"
},
{
"category": "external",
"summary": "RHBZ#2362827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362827"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4057"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4057",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4057"
},
{
"category": "external",
"summary": "https://github.com/arkmq-org/activemq-artemis-operator/commit/d3482fab6d0060794226c9e5a6fa67d209abc35a",
"url": "https://github.com/arkmq-org/activemq-artemis-operator/commit/d3482fab6d0060794226c9e5a6fa67d209abc35a"
},
{
"category": "external",
"summary": "https://github.com/arkmq-org/activemq-artemis-operator/issues/1130",
"url": "https://github.com/arkmq-org/activemq-artemis-operator/issues/1130"
}
],
"release_date": "2025-05-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-31T11:18:34+00:00",
"details": "To update to the latest image please refer to the AMQ container images in the Red Hat Container catalog.",
"product_ids": [
"8Base-RHOSE-Middleware:amq7/amq-broker-init-rhel8@sha256:95e49d60d2431facee201ee37fd3766854c3f39a6bc92d0cfa51cde20f970c6d_s390x",
"8Base-RHOSE-Middleware:amq7/amq-broker-init-rhel8@sha256:a31c87b93441f27603e5672b5b951779bc965e68b471caaf70a52c12255268a7_amd64",
"8Base-RHOSE-Middleware:amq7/amq-broker-init-rhel8@sha256:bc23a019eea3ea16eae26ffd5d6e13e35cefe602a199075ff8fb4d350cbab974_arm64",
"8Base-RHOSE-Middleware:amq7/amq-broker-init-rhel8@sha256:bfcc8f35ef2f398a87f322ad361dcfe4bf5c7aaccfaf89a4e688c45a72cd74e9_ppc64le",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator-bundle@sha256:70a388147b14f191da563b33759c985efe9cc98ed9a4d94b92b94f0199ad9af6_amd64",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator@sha256:0943624823b5ea2a95ad39c090a97515e8bd577bf901d6ef31724b992031ceb6_amd64",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator@sha256:3aee3c97d5a5d9b54e161aa669e7e9b3da7745a8e3b9d86bf711bd3349c4f558_s390x",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator@sha256:aaf54806151be114a2a5fe119f231a2cc04439b4b800045695c444a392ca2f4e_ppc64le",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator@sha256:aee189bb82d82d8cec5be445e5d986e7b03b4949e0b055475d0d99c3f72af4c9_arm64",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8@sha256:5832f54db15d3cf5dcc345e939ad1a5710a81ef6c5b0ba2f4d9e7b05970e5981_s390x",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8@sha256:676fe91b093b92ef26d08218b740c6979fa4d2ef8dd57b6586b2f9c1dcb4eb13_arm64",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8@sha256:ade15c37015c8cdd2df00ea264dd791ca3677745cd217e19bbd2b7db3acc4d6a_amd64",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8@sha256:e183277b7d15b414db4cf44c2f8e367d79b01dbe31882b8eb790bf34a2ba3191_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12355"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"8Base-RHOSE-Middleware:amq7/amq-broker-init-rhel8@sha256:95e49d60d2431facee201ee37fd3766854c3f39a6bc92d0cfa51cde20f970c6d_s390x",
"8Base-RHOSE-Middleware:amq7/amq-broker-init-rhel8@sha256:a31c87b93441f27603e5672b5b951779bc965e68b471caaf70a52c12255268a7_amd64",
"8Base-RHOSE-Middleware:amq7/amq-broker-init-rhel8@sha256:bc23a019eea3ea16eae26ffd5d6e13e35cefe602a199075ff8fb4d350cbab974_arm64",
"8Base-RHOSE-Middleware:amq7/amq-broker-init-rhel8@sha256:bfcc8f35ef2f398a87f322ad361dcfe4bf5c7aaccfaf89a4e688c45a72cd74e9_ppc64le",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator-bundle@sha256:70a388147b14f191da563b33759c985efe9cc98ed9a4d94b92b94f0199ad9af6_amd64",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator@sha256:0943624823b5ea2a95ad39c090a97515e8bd577bf901d6ef31724b992031ceb6_amd64",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator@sha256:3aee3c97d5a5d9b54e161aa669e7e9b3da7745a8e3b9d86bf711bd3349c4f558_s390x",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator@sha256:aaf54806151be114a2a5fe119f231a2cc04439b4b800045695c444a392ca2f4e_ppc64le",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator@sha256:aee189bb82d82d8cec5be445e5d986e7b03b4949e0b055475d0d99c3f72af4c9_arm64",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8@sha256:5832f54db15d3cf5dcc345e939ad1a5710a81ef6c5b0ba2f4d9e7b05970e5981_s390x",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8@sha256:676fe91b093b92ef26d08218b740c6979fa4d2ef8dd57b6586b2f9c1dcb4eb13_arm64",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8@sha256:ade15c37015c8cdd2df00ea264dd791ca3677745cd217e19bbd2b7db3acc4d6a_amd64",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8@sha256:e183277b7d15b414db4cf44c2f8e367d79b01dbe31882b8eb790bf34a2ba3191_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-Middleware:amq7/amq-broker-init-rhel8@sha256:95e49d60d2431facee201ee37fd3766854c3f39a6bc92d0cfa51cde20f970c6d_s390x",
"8Base-RHOSE-Middleware:amq7/amq-broker-init-rhel8@sha256:a31c87b93441f27603e5672b5b951779bc965e68b471caaf70a52c12255268a7_amd64",
"8Base-RHOSE-Middleware:amq7/amq-broker-init-rhel8@sha256:bc23a019eea3ea16eae26ffd5d6e13e35cefe602a199075ff8fb4d350cbab974_arm64",
"8Base-RHOSE-Middleware:amq7/amq-broker-init-rhel8@sha256:bfcc8f35ef2f398a87f322ad361dcfe4bf5c7aaccfaf89a4e688c45a72cd74e9_ppc64le",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator-bundle@sha256:70a388147b14f191da563b33759c985efe9cc98ed9a4d94b92b94f0199ad9af6_amd64",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator@sha256:0943624823b5ea2a95ad39c090a97515e8bd577bf901d6ef31724b992031ceb6_amd64",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator@sha256:3aee3c97d5a5d9b54e161aa669e7e9b3da7745a8e3b9d86bf711bd3349c4f558_s390x",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator@sha256:aaf54806151be114a2a5fe119f231a2cc04439b4b800045695c444a392ca2f4e_ppc64le",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8-operator@sha256:aee189bb82d82d8cec5be445e5d986e7b03b4949e0b055475d0d99c3f72af4c9_arm64",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8@sha256:5832f54db15d3cf5dcc345e939ad1a5710a81ef6c5b0ba2f4d9e7b05970e5981_s390x",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8@sha256:676fe91b093b92ef26d08218b740c6979fa4d2ef8dd57b6586b2f9c1dcb4eb13_arm64",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8@sha256:ade15c37015c8cdd2df00ea264dd791ca3677745cd217e19bbd2b7db3acc4d6a_amd64",
"8Base-RHOSE-Middleware:amq7/amq-broker-rhel8@sha256:e183277b7d15b414db4cf44c2f8e367d79b01dbe31882b8eb790bf34a2ba3191_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "activemq-artemis-operator: AMQ Broker Operator Starting Credentials Reuse"
}
]
}
RHSA-2025:12473
Vulnerability from csaf_redhat - Published: 2025-07-31 19:38 - Updated: 2026-03-18 03:03Summary
Red Hat Security Advisory: Red Hat AMQ Broker 7.12.5 release and security update
Severity
Moderate
Notes
Topic: Red Hat AMQ Broker 7.12.5 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.
This release of Red Hat AMQ Broker 7.12.5 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* (CVE-2025-4057) activemq-artemis-operator: AMQ Broker Operator Starting Credentials Reuse
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7.12.5
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7.12
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Broker 7.12.5 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.\n\nThis release of Red Hat AMQ Broker 7.12.5 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* (CVE-2025-4057) activemq-artemis-operator: AMQ Broker Operator Starting Credentials Reuse\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:12473",
"url": "https://access.redhat.com/errata/RHSA-2025:12473"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification#moderate",
"url": "https://access.redhat.com/security/updates/classification#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.12.5",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.12.5"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_amq_broker/7.12",
"url": "https://docs.redhat.com/en/documentation/red_hat_amq_broker/7.12"
},
{
"category": "external",
"summary": "2362827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362827"
},
{
"category": "external",
"summary": "ENTMQBR-9820",
"url": "https://issues.redhat.com/browse/ENTMQBR-9820"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_12473.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Broker 7.12.5 release and security update",
"tracking": {
"current_release_date": "2026-03-18T03:03:28+00:00",
"generator": {
"date": "2026-03-18T03:03:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:12473",
"initial_release_date": "2025-07-31T19:38:17+00:00",
"revision_history": [
{
"date": "2025-07-31T19:38:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-31T19:38:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T03:03:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ Broker 7.12.5",
"product": {
"name": "Red Hat AMQ Broker 7.12.5",
"product_id": "Red Hat AMQ Broker 7.12.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_broker:7.12"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss AMQ"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4057",
"cwe": {
"id": "CWE-1391",
"name": "Use of Weak Credentials"
},
"discovery_date": "2025-04-29T02:06:56.641000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362827"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "activemq-artemis-operator: AMQ Broker Operator Starting Credentials Reuse",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7.12.5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4057"
},
{
"category": "external",
"summary": "RHBZ#2362827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362827"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4057"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4057",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4057"
},
{
"category": "external",
"summary": "https://github.com/arkmq-org/activemq-artemis-operator/commit/d3482fab6d0060794226c9e5a6fa67d209abc35a",
"url": "https://github.com/arkmq-org/activemq-artemis-operator/commit/d3482fab6d0060794226c9e5a6fa67d209abc35a"
},
{
"category": "external",
"summary": "https://github.com/arkmq-org/activemq-artemis-operator/issues/1130",
"url": "https://github.com/arkmq-org/activemq-artemis-operator/issues/1130"
}
],
"release_date": "2025-05-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-31T19:38:17+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7.12.5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12473"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"Red Hat AMQ Broker 7.12.5"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7.12.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "activemq-artemis-operator: AMQ Broker Operator Starting Credentials Reuse"
}
]
}
RHSA-2025:8147
Vulnerability from csaf_redhat - Published: 2025-05-26 14:48 - Updated: 2026-03-18 03:00Summary
Red Hat Security Advisory: AMQ Broker 7.13.0.OPR.1.GA Container Images security update
Severity
Moderate
Notes
Topic: This is the multiarch release of the AMQ Broker 7.13.0 aligned Operator and associated container images on Red Hat Enterprise Linux 9 for the OpenShift Container Platform.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Middleware for OpenShift provides images for many of the Red Hat Middleware products for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments.
This release of Red Hat AMQ Broker 7.13.0 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* (CVE-2025-4057) activemq-artemis-operator: AMQ Broker Operator Starting Credentials Reuse
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
For information on supported configurations, see Red Hat AMQ Broker 7 Supported Configurations at https://access.redhat.com/articles/2791941
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AMQ Broker 7.13.0.OPR.1.GA
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:rhosemc:1.0::el9
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "This is the multiarch release of the AMQ Broker 7.13.0 aligned Operator and associated container images on Red Hat Enterprise Linux 9 for the OpenShift Container Platform.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Middleware for OpenShift provides images for many of the Red Hat Middleware products for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments.\n\nThis release of Red Hat AMQ Broker 7.13.0 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* (CVE-2025-4057) activemq-artemis-operator: AMQ Broker Operator Starting Credentials Reuse\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nFor information on supported configurations, see Red Hat AMQ Broker 7 Supported Configurations at https://access.redhat.com/articles/2791941",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8147",
"url": "https://access.redhat.com/errata/RHSA-2025:8147"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification#moderate",
"url": "https://access.redhat.com/security/updates/classification#moderate"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_amq_broker/7.13",
"url": "https://docs.redhat.com/en/documentation/red_hat_amq_broker/7.13"
},
{
"category": "external",
"summary": "2362827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362827"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8147.json"
}
],
"title": "Red Hat Security Advisory: AMQ Broker 7.13.0.OPR.1.GA Container Images security update",
"tracking": {
"current_release_date": "2026-03-18T03:00:32+00:00",
"generator": {
"date": "2026-03-18T03:00:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:8147",
"initial_release_date": "2025-05-26T14:48:16+00:00",
"revision_history": [
{
"date": "2025-05-26T14:48:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-26T14:48:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T03:00:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "AMQ Broker 7.13.0.OPR.1.GA",
"product": {
"name": "AMQ Broker 7.13.0.OPR.1.GA",
"product_id": "AMQ Broker 7.13.0.OPR.1.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhosemc:1.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4057",
"cwe": {
"id": "CWE-1391",
"name": "Use of Weak Credentials"
},
"discovery_date": "2025-04-29T02:06:56.641000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362827"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "activemq-artemis-operator: AMQ Broker Operator Starting Credentials Reuse",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AMQ Broker 7.13.0.OPR.1.GA"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4057"
},
{
"category": "external",
"summary": "RHBZ#2362827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362827"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4057"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4057",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4057"
},
{
"category": "external",
"summary": "https://github.com/arkmq-org/activemq-artemis-operator/commit/d3482fab6d0060794226c9e5a6fa67d209abc35a",
"url": "https://github.com/arkmq-org/activemq-artemis-operator/commit/d3482fab6d0060794226c9e5a6fa67d209abc35a"
},
{
"category": "external",
"summary": "https://github.com/arkmq-org/activemq-artemis-operator/issues/1130",
"url": "https://github.com/arkmq-org/activemq-artemis-operator/issues/1130"
}
],
"release_date": "2025-05-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-26T14:48:16+00:00",
"details": "To update to the latest image please refer to the AMQ container images in the Red Hat Container catalog.",
"product_ids": [
"AMQ Broker 7.13.0.OPR.1.GA"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8147"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"AMQ Broker 7.13.0.OPR.1.GA"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AMQ Broker 7.13.0.OPR.1.GA"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "activemq-artemis-operator: AMQ Broker Operator Starting Credentials Reuse"
}
]
}
WID-SEC-W-2025-1147
Vulnerability from csaf_certbund - Published: 2025-05-26 22:00 - Updated: 2025-07-31 22:00Summary
Apache ActiveMQ: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Apache ActiveMQ ist ein Open Source Message Broker, der den Transport von Nachrichten zwischen verschiedenen Programmen bewerkstelligt.
Angriff: Ein lokaler Angreifer kann eine Schwachstelle in Apache ActiveMQ ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Apache ActiveMQ <Broker 7.13.0.OPR.1.GA
Apache / ActiveMQ
|
<Broker 7.13.0.OPR.1.GA | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
References
7 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apache ActiveMQ ist ein Open Source Message Broker, der den Transport von Nachrichten zwischen verschiedenen Programmen bewerkstelligt.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in Apache ActiveMQ ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1147 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1147.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1147 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1147"
},
{
"category": "external",
"summary": "GitHub Advisory Database vom 2025-05-26",
"url": "https://github.com/advisories/GHSA-q5q7-8x6x-hcg2"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2025-05-26",
"url": "https://access.redhat.com/errata/RHSA-2025:8147"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15188-1 vom 2025-06-02",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5W5NDYFJCKVTB2UYZO6OSRFA7RGWGHY3/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:12355 vom 2025-07-31",
"url": "https://access.redhat.com/errata/RHSA-2025:12355"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:12473 vom 2025-07-31",
"url": "https://access.redhat.com/errata/RHSA-2025:12473"
}
],
"source_lang": "en-US",
"title": "Apache ActiveMQ: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2025-07-31T22:00:00.000+00:00",
"generator": {
"date": "2025-08-01T07:15:39.687+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1147",
"initial_release_date": "2025-05-26T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-05-26T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-06-02T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-07-30T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-07-31T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cBroker 7.13.0.OPR.1.GA",
"product": {
"name": "Apache ActiveMQ \u003cBroker 7.13.0.OPR.1.GA",
"product_id": "T044160"
}
},
{
"category": "product_version",
"name": "Broker 7.13.0.OPR.1.GA",
"product": {
"name": "Apache ActiveMQ Broker 7.13.0.OPR.1.GA",
"product_id": "T044160-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:activemq:broker_7.13.0.opr.1.ga"
}
}
}
],
"category": "product_name",
"name": "ActiveMQ"
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4057",
"product_status": {
"known_affected": [
"67646",
"T044160",
"T027843"
]
},
"release_date": "2025-05-26T22:00:00.000+00:00",
"title": "CVE-2025-4057"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…