CVE-2025-66168: CWE-190 Integer Overflow or Wraparound in Apache Software Foundation Apache ActiveMQ
Apache ActiveMQ does not properly validate the Remaining Length field, which may lead to an integer overflow during the decoding of malformed packets. When this integer overflow occurs, ActiveMQ may incorrectly compute the total Remaining Length and subsequently misinterpret the payload as multiple MQTT control packets, which makes the broker susceptible to unexpected behavior when interacting with non-compliant clients. This behavior violates the MQTT v3.1.1 specification, which restricts Remaining Length to a maximum of 4 bytes. The scenario occurs on established connections after the authentication process. Brokers that do not enable MQTT transport connectors are not impacted. This issue affects Apache ActiveMQ before 5.19.2, 6.0.0 to 6.1.8, and 6.2.0. Users are recommended to upgrade to version 5.19.2, 6.1.9, or 6.2.1, which fixes the issue.
AI Analysis
Technical Summary
CVE-2025-66168 is a medium-severity integer overflow vulnerability (CWE-190) in Apache ActiveMQ's MQTT transport connector implementation. The flaw stems from inadequate validation of the Remaining Length field during MQTT packet decoding. The MQTT v3.1.1 specification limits the Remaining Length field to a maximum of 4 bytes, but malformed packets with larger or manipulated values can cause an integer overflow during length calculation. This overflow leads ActiveMQ to incorrectly compute the total Remaining Length, causing it to misinterpret the payload as multiple MQTT control packets. Such misinterpretation violates the MQTT v3.1.1 specification and can result in unexpected broker behavior, including potential protocol desynchronization or logic errors when handling non-compliant clients. The vulnerability manifests only after authentication on established connections and affects ActiveMQ versions before 5.19.2, 6.0.0 to 6.1.8, and 6.2.0. Brokers not using MQTT transport connectors are not vulnerable. While no known exploits are currently reported in the wild, the flaw could be leveraged by authenticated attackers to disrupt broker operations or cause inconsistent message processing. The Apache Software Foundation has addressed the issue in versions 5.19.2, 6.1.9, and 6.2.1.
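The Remaining Length check at the centre of this CVE, as an added illustration that is not ActiveMQ's code: a decoder that enforces the 4-byte cap from MQTT v3.1.1 section 2.2.3, beside a constructed loose decoder with no byte cap and Java-style 32-bit arithmetic, so that a 5- or 6-byte field wraps the accumulator and the framing layer treats the bytes that follow as extra control packets. Function names and the sample byte streams in the comments and tests are constructed for this example.

```python
from typing import Callable, List, Tuple
MAX_REMAINING_LENGTH_BYTES = 4  # MQTT v3.1.1 section 2.2.3: at most 4 bytes

class MalformedRemainingLength(ValueError):
    """Raised when the Remaining Length field violates the spec."""

def _to_int32(v: int) -> int:
    """Wrap to a signed 32-bit value, as Java int arithmetic would."""
    v &= 0xFFFFFFFF
    return v - (1 << 32) if v & 0x80000000 else v

def decode_remaining_length_unchecked(buf: bytes, pos: int) -> Tuple[int, int]:
    """Loose decoder (constructed, not ActiveMQ's code): no byte cap and a
    32-bit accumulator, so extra continuation bytes wrap the result."""
    multiplier, value, consumed = 1, 0, 0
    while True:
        b = buf[pos + consumed]
        consumed += 1
        value = _to_int32(value + (b & 0x7F) * multiplier)
        multiplier = _to_int32(multiplier * 128)
        if not b & 0x80:
            return value, consumed

def decode_remaining_length(buf: bytes, pos: int) -> Tuple[int, int]:
    """Spec-compliant decoder: refuses a 5th length byte instead of reading it."""
    multiplier, value, consumed = 1, 0, 0
    while True:
        if pos + consumed >= len(buf):
            raise MalformedRemainingLength("truncated Remaining Length")
        b = buf[pos + consumed]
        consumed += 1
        value += (b & 0x7F) * multiplier
        if not b & 0x80:
            return value, consumed
        if consumed >= MAX_REMAINING_LENGTH_BYTES:
            raise MalformedRemainingLength("Remaining Length exceeds 4 bytes")
        multiplier *= 128

def split_packets(stream: bytes, decoder: Callable = decode_remaining_length) -> List[bytes]:
    """Frame a byte stream into MQTT control packets; the byte at pos is the fixed header."""
    packets, pos = [], 0
    while pos < len(stream):
        length, n = decoder(stream, pos + 1)
        end = pos + 1 + n + length
        if end > len(stream):
            raise MalformedRemainingLength("declared length exceeds buffer")
        packets.append(stream[pos:end])
        pos = end
    return packets
```

With the loose decoder, a PUBLISH header followed by the 6-byte encoding of 128**5 decodes to a Remaining Length of 0, so the payload bytes after it are framed as a second packet; the strict decoder rejects the same stream at the fifth length byte.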
Potential Impact
The vulnerability primarily impacts the integrity and reliability of message processing within affected Apache ActiveMQ brokers using MQTT transport connectors. An attacker with valid credentials can send specially crafted malformed MQTT packets that trigger the integer overflow, causing the broker to misinterpret message boundaries. This can lead to unexpected broker behavior such as message processing errors, protocol desynchronization, or potential denial of service conditions due to corrupted internal state. Although the confidentiality impact is low and availability impact is not directly indicated, the integrity issues could disrupt message delivery and broker stability, affecting applications relying on ActiveMQ for critical messaging. Organizations using ActiveMQ with MQTT transport connectors in IoT, messaging, or real-time data environments may experience operational disruptions or degraded service quality. Since exploitation requires authentication, the risk is mitigated somewhat but remains significant in environments with many authenticated clients or weak access controls.
Mitigation Recommendations
To mitigate this vulnerability, organizations should upgrade Apache ActiveMQ to versions 5.19.2, 6.1.9, or 6.2.1, where the integer overflow issue has been fixed. Additionally, administrators should audit their ActiveMQ configurations to verify whether MQTT transport connectors are enabled; if MQTT is not required, disabling these connectors reduces exposure. Implement strict access controls and authentication mechanisms to limit the number of clients able to establish connections, reducing the attack surface. Monitoring MQTT traffic for malformed or suspicious packets can help detect exploitation attempts. Employ network segmentation to isolate messaging brokers from untrusted networks and clients. Regularly review and update client software to ensure compliance with MQTT specifications, minimizing interactions with non-compliant clients that could trigger unexpected broker behavior. Finally, maintain up-to-date logging and alerting to quickly identify anomalies in broker operations that may indicate exploitation.
Affected Countries
United States, Germany, China, India, United Kingdom, Japan, South Korea, France, Canada, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: apache
- Date Reserved: 2025-11-21T20:44:42.659Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69a7f558d1a09e29cb1e371e
Added to database: 3/4/2026, 9:03:20 AM
Last enriched: 3/4/2026, 9:20:14 AM
Last updated: 3/5/2026, 7:18:57 AM