Home

Description

A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies.

PUBLISHED Reserved 2025-04-29 | Published 2025-05-26 | Updated 2025-11-20 | Assigner redhat




MEDIUM: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

Use of Weak Credentials

Product status

Default status
unaffected

Any version before 2.0.3
affected

Default status
unaffected

Default status
unaffected

Default status
affected

7.12.5-2 (rpm) before *
unaffected

Default status
affected

7.12.5-2 (rpm) before *
unaffected

Default status
affected

7.12.5-2 (rpm) before *
unaffected

Default status
affected

7.12.5-2 (rpm) before *
unaffected

Timeline

2025-04-29:Reported to Red Hat.
2025-05-21:Made public.

References

access.redhat.com/errata/RHSA-2025:12355 (RHSA-2025:12355) vendor-advisory

access.redhat.com/errata/RHSA-2025:12473 (RHSA-2025:12473) vendor-advisory

access.redhat.com/errata/RHSA-2025:8147 (RHSA-2025:8147) vendor-advisory

access.redhat.com/security/cve/CVE-2025-4057 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2362827 (RHBZ#2362827) issue-tracking

github.com/...ommit/d3482fab6d0060794226c9e5a6fa67d209abc35a

github.com/arkmq-org/activemq-artemis-operator/issues/1130

cve.org (CVE-2025-4057)

nvd.nist.gov (CVE-2025-4057)

Download JSON