Apache ActiveMQ Allows Attackers to Trigger DoS Attacks With Malformed Packets

A medium-severity vulnerability (CVE-2025-66168) in Apache ActiveMQ allows authenticated attackers to cause a Denial-of-Service (DoS) by sending malformed network packets to the MQTT module. The flaw is an integer overflow caused by improper validation of the MQTT remaining length field. Affected versions are all releases before 5.19.2, 6.0.0 through 6.1.8, and 6.2.0; mitigation requires upgrading to a patched release (5.19.2, 6.1.9, or 6.2.1) or disabling the MQTT transport connector.
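The remaining length field the advisory refers to is the variable-length packet size in the MQTT fixed header. The following is an added example, not ActiveMQ's code, of a parser that bounds that field before any arithmetic or allocation depends on it; the 1 MiB frame limit and the MalformedPacket class are assumptions made for the example.

```python
# Added example (not ActiveMQ's code): a defensive parser for the MQTT fixed
# header. The "remaining length" is a variable-length integer of 1-4 bytes,
# 7 payload bits per byte plus a continuation bit (MQTT 3.1.1, section 2.2.3).
# A parser that does not bound the byte count or the decoded value can be
# driven into an integer overflow or an oversized allocation by one packet.

MAX_LENGTH_BYTES = 4                 # the spec allows at most four bytes
MAX_REMAINING_LENGTH = 268_435_455   # 0x0FFFFFFF, the largest encodable value


class MalformedPacket(ValueError):
    """Raised for input that must be rejected before any allocation happens."""


def decode_remaining_length(buf: bytes, offset: int) -> tuple[int, int]:
    """Decode the remaining-length field starting at buf[offset].

    Returns (value, bytes_consumed). Rejects truncated input and encodings
    longer than four bytes, so the result is always <= MAX_REMAINING_LENGTH.
    """
    value = 0
    consumed = 0
    while True:
        if consumed == MAX_LENGTH_BYTES:
            raise MalformedPacket("remaining length uses more than 4 bytes")
        if offset + consumed >= len(buf):
            raise MalformedPacket("truncated remaining length")
        byte = buf[offset + consumed]
        value |= (byte & 0x7F) << (7 * consumed)
        consumed += 1
        if not byte & 0x80:          # continuation bit clear: last byte
            return value, consumed


def parse_fixed_header(buf: bytes, max_frame_size: int = 1 << 20):
    """Parse one MQTT control packet from buf with a broker-side size limit.

    Returns (packet_type, flags, remaining_length, payload). The declared
    length is checked against the configured limit (assumed: 1 MiB) and
    against the bytes actually present before the payload slice is taken.
    """
    if not buf:
        raise MalformedPacket("empty packet")
    packet_type, flags = buf[0] >> 4, buf[0] & 0x0F
    remaining, consumed = decode_remaining_length(buf, 1)
    if remaining > max_frame_size:
        raise MalformedPacket(f"declared length {remaining} exceeds limit")
    start = 1 + consumed
    if len(buf) - start < remaining:
        raise MalformedPacket("declared length exceeds bytes received")
    return packet_type, flags, remaining, bytes(buf[start:start + remaining])
```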

Edward Kiledjian @ekiledjian