CVE-2025-54539 Overview
A critical Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This vulnerability affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0 when establishing connections to untrusted AMQP servers. Malicious servers can exploit unbounded deserialization logic present in the client to craft responses that may lead to arbitrary code execution on the client side.
Although version 2.1.0 introduced a mechanism to restrict deserialization via allow/deny lists, the protection was found to be bypassable under certain conditions. In line with Microsoft's deprecation of binary serialization in .NET 9, the Apache project is evaluating the removal of .NET binary serialization support from the NMS API entirely in future releases.
Critical Impact
Attackers controlling a malicious AMQP server can achieve arbitrary code execution on client systems connecting to the server through crafted deserialization payloads, potentially leading to complete system compromise.
Affected Products
- Apache ActiveMQ NMS AMQP versions up to and including 2.3.0
- .NET applications using the NMS AMQP client library
- Systems connecting to untrusted AMQP endpoints
Discovery Timeline
- October 16, 2025 - CVE-2025-54539 published to NVD
- November 4, 2025 - Last updated in NVD database
Technical Details for CVE-2025-54539
Vulnerability Analysis
This vulnerability is classified as CWE-502 (Deserialization of Untrusted Data), a well-known class of security flaws that can lead to remote code execution. The Apache ActiveMQ NMS AMQP client implements .NET binary serialization to handle message payloads and server responses. When a client connects to an AMQP server, it deserializes data received from that server without adequate validation of the incoming object types.
The vulnerability is particularly dangerous because it exists on the client side, meaning any application using the vulnerable NMS AMQP library could be compromised when connecting to a malicious server. This represents an inversion of the typical attack pattern where servers are targeted, making it potentially more difficult to detect and prevent through traditional perimeter security measures.
Root Cause
The root cause lies in the unbounded deserialization logic within the NMS AMQP client. While version 2.1.0 attempted to address this by introducing allow/deny lists to restrict which types could be deserialized, the implementation contained bypass conditions that allowed attackers to circumvent these protections. The underlying issue stems from the use of .NET binary serialization (BinaryFormatter), which Microsoft has explicitly deprecated due to its inherent security risks. BinaryFormatter deserializes objects without proper type constraints, allowing attackers to instantiate arbitrary types that execute malicious code during the deserialization process.
Attack Vector
The attack vector requires an attacker to operate or compromise an AMQP server that the victim client connects to. This is a network-based attack that can be exploited remotely without requiring authentication or user interaction. The attack flow proceeds as follows:
- The attacker sets up or compromises an AMQP server
- A victim application using the vulnerable NMS AMQP client connects to this server
- The malicious server responds with a specially crafted serialized payload
- The client deserializes the payload, triggering arbitrary code execution
- The attacker gains code execution in the context of the client application
This attack pattern is particularly concerning in scenarios where applications connect to external or third-party AMQP endpoints, or in environments where an attacker has achieved network positioning to perform man-in-the-middle attacks.
Detection Methods for CVE-2025-54539
Indicators of Compromise
- Unexpected outbound connections from NMS AMQP client applications to unknown AMQP servers
- Unusual process behavior or child process spawning from applications using the NMS AMQP library
- Network traffic containing anomalous .NET binary serialization payloads in AMQP responses
- Runtime errors or exceptions related to deserialization in application logs
Detection Strategies
- Monitor for applications loading the Apache.NMS.AMQP assembly versions prior to 2.4.0
- Implement network monitoring for AMQP traffic (port 5672/5671) with payload inspection for serialized .NET objects
- Deploy endpoint detection and response (EDR) solutions to identify suspicious process chains originating from .NET applications
- Audit application dependencies using software composition analysis (SCA) tools to identify vulnerable library versions
Monitoring Recommendations
- Enable verbose logging for all NMS AMQP client connections and monitor for deserialization-related events
- Implement network segmentation to restrict which servers AMQP clients can connect to
- Configure alerting for any new or unexpected AMQP server endpoints in your environment
- Review application logs for TypeLoadException or SerializationException errors that may indicate exploitation attempts
How to Mitigate CVE-2025-54539
Immediate Actions Required
- Upgrade to Apache ActiveMQ NMS AMQP version 2.4.0 or later immediately
- Audit all applications using the NMS AMQP library and prioritize upgrades based on exposure to external servers
- Restrict AMQP client connections to only known and trusted server endpoints using network controls
- Consider temporarily disabling AMQP connectivity to untrusted servers until patches can be applied
Patch Information
Users are strongly encouraged to upgrade to version 2.4.0 or later, which resolves this vulnerability. The fix addresses the deserialization bypass conditions present in previous versions. Additionally, projects depending on NMS-AMQP should migrate away from .NET binary serialization as part of a long-term hardening strategy, aligning with Microsoft's deprecation of BinaryFormatter in .NET 9. For detailed patch information, see the Apache Mailing List Post.
Workarounds
- Implement strict network controls to ensure AMQP clients only connect to trusted, internal servers
- Deploy a proxy or gateway that validates AMQP traffic and blocks suspicious serialized payloads
- If upgrading is not immediately possible, review and strengthen deserialization allow/deny lists in version 2.1.0 and later
- Consider migrating to alternative serialization formats that do not rely on .NET BinaryFormatter
# Verify installed NMS AMQP version in your .NET project
dotnet list package | grep -i "Apache.NMS.AMQP"
# Update to the patched version
dotnet add package Apache.NMS.AMQP --version 2.4.0
# Verify the update was successful
dotnet list package | grep -i "Apache.NMS.AMQP"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
