CVE-2025-4057

Activemq-artemis-operator: amq broker operator starting credentials reuse

Description

A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies.

Remediation

Workaround:

  • Currently, no mitigation is available for this vulnerability.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.01%
Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com
Affected: Red Hat AMQ Broker 7.13.0.OPR.1.GA
Affected: Red Hat Red Hat AMQ Broker 7.12.5
Affected: Red Hat RHEL-8 based Middleware Containers
Affected: Red Hat RHEL-8 based Middleware Containers
Affected: Red Hat RHEL-8 based Middleware Containers
Affected: Red Hat RHEL-8 based Middleware Containers
Published at:
Updated at:

References

Link Tags
https://access.redhat.com/errata/RHSA-2025:12355 vendor advisory
https://access.redhat.com/errata/RHSA-2025:12473 vendor advisory
https://access.redhat.com/errata/RHSA-2025:8147 vendor advisory
https://access.redhat.com/security/cve/CVE-2025-4057 vdb entry
https://bugzilla.redhat.com/show_bug.cgi?id=2362827 issue tracking
https://github.com/arkmq-org/activemq-artemis-operator/commit/d3482fab6d0060794226c9e5a6fa67d209abc35a
https://github.com/arkmq-org/activemq-artemis-operator/issues/1130

Frequently Asked Questions

What is the severity of CVE-2025-4057?
CVE-2025-4057 has been scored as a medium severity vulnerability.
How to fix CVE-2025-4057?
As a workaround for remediating CVE-2025-4057: Currently, no mitigation is available for this vulnerability.
Is CVE-2025-4057 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-4057 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-4057?
CVE-2025-4057 affects Red Hat AMQ Broker 7.13.0.OPR.1.GA, Red Hat Red Hat AMQ Broker 7.12.5, Red Hat RHEL-8 based Middleware Containers, Red Hat RHEL-8 based Middleware Containers, Red Hat RHEL-8 based Middleware Containers, Red Hat RHEL-8 based Middleware Containers.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.