Security researchers found that Apache RocketMQ services are being targeted by malicious activities. The vulnerabilities, known as CVE-2023-33246 and CVE-2023-37582, remain a serious threat even after the vendor released patches in May 2023.
On February 13, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued 20 advisories about serious vulnerabilities in Industrial Control...
Palo Alto Networks has issued advisories for two critical vulnerabilities in its PAN-OS. The vulnerabilities, CVE-2025-0108 and CVE-2025-0110, may enable...
The CVE-2023-33246 affected different parts of RocketMQ, such as NameServer, Broker, and Controller. Rongtong Jin, a member of the Apache RocketMQ Project Management Committee, warned about a lasting flaw in the NameServer component of RocketMQ versions 5.1 and older.
The incomplete fix leaves a remote command execution vulnerability, allowing attackers to exploit the update configuration function on exposed NameServers without proper permission checks.
CVE-2023-37582: Unfinished Business:
The problem is the CVE-2023-37582, which is still critical. To prevent attacks, it’s recommended to upgrade NameServer to version 5.1.2/4.9.7 or higher for RocketMQ 5.x/4.x.
Source: Bleeping computer
The ShadowServer Foundation’s threat intelligence shows a concerning trend: many hosts are actively scanning for online RocketMQ systems. There are exploitation attempts for both CVE-2023-33246 and CVE-2023-37582.
Threat Landscape:
The ShadowServer Foundation has found that there are many different types of threats online. Scanning activities could be used for planning attacks, taking advantage of vulnerabilities, or for genuine research purposes. Hackers have been involved since August 2023, at the same time as the DreamBus botnet started using a vulnerability to install XMRig Monero miners on weak servers.
“The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1,” reads a warning from Rongtong Jin, a member of the Apache RocketMQ Project Management Committee.