Technical description
A recently patched vulnerability in Apache ActiveMQ Classic is being exploited in the wild. Exploitation requires authentication, but many instances still use widely known default credentials.
Attack vector
Remote authenticated users can exploit the vulnerability to execute arbitrary code. Default credentials on many installations lower the authentication barrier.
Affected systems
Unpatched Apache ActiveMQ Classic installations, particularly those with default credentials.
Mitigation
Apply the Apache ActiveMQ patches immediately. Change default credentials on all ActiveMQ instances. CISA has added this vulnerability to the Known Exploited Vulnerabilities catalog.
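To support the credential step, the following added example (not part of the original advisory or of the ActiveMQ project) audits the contents of an ActiveMQ Classic conf/jetty-realm.properties file for stock or trivially guessable accounts. It assumes the Jetty "username: password[, role ...]" layout and that the shipped defaults are admin/admin and user/user; the sample input is constructed.

```python
# Added example: flag stock or trivial accounts in jetty-realm.properties content.
# Assumptions: Jetty "username: password[, role ...]" layout; shipped defaults
# are admin/admin and user/user. Adjust DEFAULT_PAIRS to your own baseline.
import re

DEFAULT_PAIRS = {("admin", "admin"), ("user", "user")}  # assumed shipped defaults

def parse_realm(text):
    """Yield (line_no, username, password, roles) for each account entry."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        m = re.match(r"([^:=\s]+)\s*[:=]\s*(.*)$", line)
        if not m:
            continue  # not an account entry
        fields = [f.strip() for f in m.group(2).split(",")]
        yield no, m.group(1), fields[0], fields[1:]

def audit(text):
    """Return (line_no, username, reason) for every account that needs changing."""
    findings = []
    for no, user, pw, _roles in parse_realm(text):
        if (user, pw) in DEFAULT_PAIRS:
            findings.append((no, user, "default credential pair"))
        elif not pw:
            findings.append((no, user, "empty password"))
        elif pw == user:
            findings.append((no, user, "password equals username"))
    return findings

# Constructed sample file contents, not taken from a real host.
SAMPLE = """\
# username: password [,rolename ...]
admin: admin, admin
user: user, user
ops: OBF:1v2j1uum1xtv1zej, admin
backup: backup, user
"""

if __name__ == "__main__":
    for no, user, why in audit(SAMPLE):
        print(f"line {no}: account '{user}': {why}")
```

Run it against the real file by passing its contents to audit(); other credential stores used by the broker (for example JAAS property files) need their own check.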