{"id":"CVE-2025-27391","details":"Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled.\n\nThis issue affects Apache ActiveMQ Artemis: from 1.5.1 before 2.40.0. It can be mitigated by restricting log access to only trusted users.\n\nUsers are recommended to upgrade to version 2.40.0, which fixes the issue.","aliases":["GHSA-pm4j-p7pm-fpvx"],"modified":"2026-04-10T05:23:58.339234Z","published":"2025-04-09T15:16:02.090Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2025/04/09/3"},{"type":"REPORT","url":"https://lists.apache.org/thread/25p96cvzl1mkt29lwm2d8knklkoqolps"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/activemq-artemis","events":[{"introduced":"5bcbea2517ffff9f09683cdf5365885da3325c22"},{"fixed":"2c3903ff71de7ecc6830d5f051dfc94d6df9b187"}],"database_specific":{"versions":[{"introduced":"1.5.1"},{"fixed":"2.40.0"}]}}],"versions":["1.5.1","2.0.0","2.1.0","2.10.0","2.10.1","2.11.0","2.12.0","2.13.0","2.14.0","2.15.0","2.16.0","2.17.0","2.18.0","2.19.0","2.2.0","2.20.0","2.21.0","2.22.0","2.23.0","2.24.0","2.25.0","2.26.0","2.27.0","2.28.0","2.29.0","2.3.0","2.30.0","2.31.0","2.31.1","2.31.2","2.32.0","2.33.0","2.34.0","2.35.0","2.36.0","2.37.0","2.38.0","2.39.0","2.4.0","2.5.0","2.6.0","2.7.0","2.8.0","2.8.1","2.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27391.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}