{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"MEDIUM" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"A vulnerability classified as problematic has been found in Apache ActiveMQ (Application Server Software).CWE is classifying the issue as CWE-190. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.This is going to have an impact on integrity, and availability.Upgrading to version 5.19.2, 6.1.9 or 6.2.1 eliminates this vulnerability.", "category":"general", "title":"Synopsis" } ], "publisher":null, "references":[ { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66168" }, { "summary":"CVE-2025-66168 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/cve/2025/csaf-openeuler-cve-2025-66168.json" }, { "summary":"openEuler-SA-2026-1681", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1681" }, { "summary":"CVE-2025-66168", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-66168&packageName=activemq" } ], "title":"openEuler cve CVE-2025-66168", "tracking":{ "initial_release_date":"2026-03-24T10:12:43+08:00", "revision_history":[ { "date":"2026-03-24T10:12:43+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-03-24T10:12:43+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-03-24T10:12:43+08:00", "id":"CVE-2025-66168", "version":"1.0.0", "status":"interim" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"openEuler-22.03-LTS-SP4", "name":"openEuler-22.03-LTS-SP4" }, "name":"openEuler-22.03-LTS-SP4", "category":"product_version" } ], "category":"product_name" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"activemq-5.19.2-1.oe2203sp4.noarch.rpm", "name":"activemq-5.19.2-1.oe2203sp4.noarch.rpm" }, "name":"activemq-5.19.2-1.oe2203sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"activemq-javadoc-5.19.2-1.oe2203sp4.noarch.rpm", "name":"activemq-javadoc-5.19.2-1.oe2203sp4.noarch.rpm" }, "name":"activemq-javadoc-5.19.2-1.oe2203sp4.noarch.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"activemq-5.19.2-1.oe2203sp4.src.rpm", "name":"activemq-5.19.2-1.oe2203sp4.src.rpm" }, "name":"activemq-5.19.2-1.oe2203sp4.src.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"activemq-5.19.2-1.oe2203sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:activemq-5.19.2-1.oe2203sp4.noarch", "name":"activemq-5.19.2-1.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"activemq-javadoc-5.19.2-1.oe2203sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:activemq-javadoc-5.19.2-1.oe2203sp4.noarch", "name":"activemq-javadoc-5.19.2-1.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"activemq-5.19.2-1.oe2203sp4.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:activemq-5.19.2-1.oe2203sp4.src", "name":"activemq-5.19.2-1.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-66168", "notes":[ { "text":"A vulnerability classified as problematic has been found in Apache ActiveMQ (Application Server Software).CWE is classifying the issue as CWE-190. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.This is going to have an impact on integrity, and availability.Upgrading to version 5.19.2, 6.1.9 or 6.2.1 eliminates this vulnerability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:activemq-5.19.2-1.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:activemq-javadoc-5.19.2-1.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:activemq-5.19.2-1.oe2203sp4.src" ] }, "remediations":[ { "product_ids":{ "$ref":"$.vulnerabilities[0].product_status.fixed" }, "details":"activemq security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1681" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.4, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version":"3.1" }, "products":{ "$ref":"$.vulnerabilities[0].product_status.fixed" } } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-66168" } ] }