CVE-2025-4057: 
vulnerability analysis and mitigation

A vulnerability (CVE-2025-4057) was discovered in ActiveMQ Artemis, specifically in the activemq-artemis-operator component. The flaw relates to password generation, where the operator fails to regenerate passwords between separated CR dependencies. This vulnerability was reported on April 29, 2025, and was assigned a CVSS v3.1 base score of 5.5 (Medium severity) (Red Hat CVE, NVD).

The vulnerability is classified as CWE-1391 (Use of Weak Credentials). The issue specifically affects the password generation mechanism where AMQPASSWORD, AMQUSER, AMQCLUSTERPASSWORD, and AMQCLUSTERUSER credentials do not regenerate between separate CR instances. The CVSS v3.1 vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating local access, low attack complexity, low privileges required, no user interaction, unchanged scope, high confidentiality impact, and no impact on integrity or availability (Red Hat CVE).

The vulnerability primarily affects the confidentiality of the system, with a high impact rating in this area. The reuse of credentials between separate CR instances could potentially lead to unauthorized access to sensitive information. However, the vulnerability requires local access and low privileges to exploit, which somewhat limits its potential impact (Red Hat CVE).

Red Hat has addressed this vulnerability in AMQ Broker 7.13.0.OPR.1.GA through the security advisory RHSA-2025:8147. Users are advised to update to the latest image available in the Red Hat Container catalog (Red Hat Advisory).