What is the CVSS severity score for CVE-2025-54539?

CVE-2025-54539 has a CVSS v3.1 score of 9.8, which indicates critical severity. This high score reflects the vulnerability's ability to allow arbitrary code execution on client applications simply by connecting to a malicious or compromised AMQP server, with no user interaction required.

How does CVE-2025-54539 work?

The vulnerability stems from improper deserialization of untrusted data. When a client application connects to an untrusted or compromised AMQP server, the server can send specially crafted responses that exploit the client's unbounded deserialization routines. These malicious payloads trigger arbitrary code execution on the client side, allowing attackers to take complete control of the client application. The client's deserialization logic relies on .NET binary serialization without adequately verifying the trustworthiness of incoming data.

What can attackers do by exploiting CVE-2025-54539?

Attackers can execute arbitrary code on vulnerable client applications, effectively taking complete control of the client system. The vulnerability can be exploited simply by getting a client to connect to a hostile AMQP server. Even organizations with hardened network perimeters remain vulnerable if their applications interact with malicious or compromised brokers.

Who discovered CVE-2025-54539?

The vulnerability was discovered by researchers at Endor Labs. These researchers demonstrated that even the allow/deny list protection mechanisms introduced in version 2.1.0 could be bypassed, rendering the defense ineffective against this attack.

Why didn't the allow/deny list feature prevent CVE-2025-54539?

Although version 2.1.0 of the NMS AMQP Client introduced an allow/deny list feature designed to restrict deserialization and prevent unsafe types from being processed, researchers at Endor Labs demonstrated that these protection mechanisms could be bypassed, rendering the defense ineffective. This highlights the fundamental security issues with .NET binary serialization.

What is the root cause of CVE-2025-54539?

The root cause is the client's reliance on .NET binary serialization, a legacy mechanism that Microsoft is phasing out in the upcoming .NET 9 release due to inherent security concerns. The client's deserialization logic fails to adequately verify the trustworthiness and safety of incoming data from AMQP servers, allowing malicious payloads to trigger arbitrary code execution.

How can CVE-2025-54539 be exploited?

The vulnerability can be exploited simply by getting a vulnerable client application to connect to a hostile AMQP server. When the connection is established, the malicious server sends specially crafted responses that exploit unbounded deserialization routines in the client. No user interaction beyond establishing the connection is required, making this vulnerability particularly dangerous.

Why is CVE-2025-54539 considered critical?

CVE-2025-54539 is considered critical with a CVSS score of 9.8 because it allows arbitrary code execution on client applications through a simple connection to a malicious AMQP server. The vulnerability requires no user interaction beyond connecting, can bypass existing protection mechanisms like allow/deny lists, and gives attackers complete control over the client system. Even organizations with hardened perimeters are vulnerable if they connect to compromised brokers.

What is unsafe deserialization?

Unsafe deserialization, as demonstrated in CVE-2025-54539, occurs when an application deserializes untrusted data without proper validation. In this case, the Apache ActiveMQ NMS AMQP Client uses .NET binary serialization to process data from AMQP servers without adequately verifying its trustworthiness. Attackers can craft malicious serialized objects that, when deserialized, execute arbitrary code on the client system.

What safer alternatives exist to .NET binary serialization?

As a long-term hardening strategy, organizations should migrate from .NET binary serialization to safer serialization frameworks such as JSON or protocol buffers. These alternatives eliminate the inherent security risks associated with binary serialization that made CVE-2025-54539 possible. Microsoft itself is phasing out .NET binary serialization in the upcoming .NET 9 release due to these security concerns.

Advisory

Critical deserialization flaw in Apache ActiveMQ NMS AMQP client enables remote code execution

Q: What is CVE-2025-54539?

CVE-2025-54539 is a critical vulnerability with a CVSS score of 9.8 in the Apache ActiveMQ NMS AMQP Client that allows malicious AMQP servers to execute arbitrary code on vulnerable client applications. The vulnerability is caused by improper deserialization of untrusted data received from AMQP servers, relying on unsafe .NET binary serialization mechanisms.

Q: Has Apache patched CVE-2025-54539?

Yes, Apache ActiveMQ has released the patched version 2.4.0 of the NMS AMQP Client. This version rejects untrusted types by default and incorporates stricter validation checks to prevent exploitation. Organizations should upgrade to version 2.4.0 or later immediately.

Q: What should organizations do about CVE-2025-54539?

Organizations should immediately upgrade to Apache ActiveMQ NMS AMQP Client version 2.4.0 or later. As a long-term hardening strategy, projects that rely heavily on .NET binary serialization should begin planning migration to safer serialization frameworks such as JSON or protocol buffers to eliminate lingering attack surfaces.

published: Oct. 16, 2025

Take action: If you're using Apache ActiveMQ NMS AMQP Client (any version up to 2.3.0), update ASAP to version 2.4.0 or later, since a connection to a malicious servers can execute code on your systems. Only connect to trusted AMQP servers, and if you can't update right away, avoid connecting to any external or untrusted message brokers until you patch.

Learn More

A critical vulnerability is reported in the Apache ActiveMQ NMS AMQP Client that allows malicious AMQP servers to execute arbitrary code on vulnerable client applications.

The vulnerability is tracked as CVE-2025-54539 (CVSS v3.1 score 9.8) and is caused by stems from improper deserialization of untrusted data received from AMQP servers. The client's deserialization logic fails to adequately verify the trustworthiness and safety of incoming data, relying instead on .NET binary serialization—a legacy mechanism that Microsoft is phasing out in the upcoming .NET 9 release due to inherent security concerns.

When a client application establishes a connection to an untrusted or compromised AMQP server, the server can send specially crafted responses that exploit the client's unbounded deserialization routines. These malicious payloads are designed to trigger arbitrary code execution on the client side, effectively allowing the attacker to take complete control of the client application. The vulnerability can be exploited simply by connecting to a hostile AMQP server, meaning that even organizations with hardened network perimeters remain vulnerable if their applications interact with malicious or compromised brokers.

Although version 2.1.0 of the NMS AMQP Client introduced an allow/deny list feature designed to restrict deserialization and prevent unsafe types from being processed, researchers at Endor Labs who discovered the vulnerability demonstrated that these protection mechanisms could be bypassed, rendering the defense ineffective.

All versions of Apache ActiveMQ NMS AMQP Client through version 2.3.0 are affected by this vulnerability. This includes all releases prior to and including version 2.3.0 when establishing connections to untrusted AMQP servers.

Apache ActiveMQ has released the patched version 2.4.0 of the NMS AMQP Client. This version rejects untrusted types by default and incorporates stricter validation checks to prevent exploitation.

Organizations are strongly encouraged to upgrade to version 2.4.0 or later immediately to mitigate this vulnerability. As a long-term hardening strategy, projects that rely heavily on .NET binary serialization should begin planning migration to safer serialization frameworks such as JSON or protocol buffers to eliminate lingering attack surfaces.

Critical deserialization flaw in Apache ActiveMQ NMS AMQP client enables remote code execution

Read More
Oracle releases July 2025 Critical Patch Update addressing …
Cisco patches critical hardcoded credentials vulnerability in Unified …
Vulnerabilities reported Workhorse Software Services municipal accounting software
Microsoft reports multiple OpenVPN vulnerabilities that can be …
CISA Confirms Active Exploitation of Three Cisco Networking …