CVE-2025-27533 – Apache ActiveMQ Vulnerability Impacting SSM 2.19 and Earlier

Created by: Alex Dias (a.dias@hanwha.com)
Created time: October 2025
Last edited time: October 2025
Product Category: SSM
Resolution Status: Planned
ZD KB Article URL: here


1. Issue Summary

SSM versions up to and including 2.19 are affected by CVE-2025-27533, a vulnerability in Apache ActiveMQ that may lead to Denial of Service (DoS) via excessive memory allocation.

This issue was confirmed through internal security testing and requires a version upgrade of the embedded ActiveMQ module.


2. Affected Devices and Software Versions

  • SSM versions 2.19 and earlier
  • Bundled ActiveMQ version: 5.16.7

3. Solution

3-1. Official Fix Plan

  • The embedded ActiveMQ component will be upgraded from 5.16.7 to 5.16.8 in SSM 2.20
  • The update requires no code or configuration changes and fully addresses CVE-2025-27533

4. Firmware / Release Plan

  • Vulnerable: SSM 2.19 and earlier
  • Resolved: SSM 2.20 (bundling ActiveMQ 5.16.8)
  • Planned Release: December 2025
  • Note: No standalone patch will be issued; upgrading to SSM 2.20 is required