Apache Log4j Core: Missing TLS hostname verification in Socket appender
Description
The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName configuration attribute or the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName system property is set to true.
This issue may allow a man-in-the-middle attacker to intercept or redirect log traffic under the following conditions:
- The attacker is able to intercept or redirect network traffic between the client and the log receiver.
- The attacker can present a server certificate issued by a certification authority trusted by the Socket Appender’s configured trust store (or by the default Java trust store if no custom trust store is configured).
Users are advised to upgrade to Apache Log4j Core version 2.25.3, which addresses this issue.
As an alternative mitigation, the Socket Appender may be configured to use a private or restricted trust root to limit the set of trusted certificates.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.logging.log4j:log4j-coreMaven | >= 2.0-beta9, < 2.25.3 | 2.25.3 |
Affected products
316- Range: log4j-2.0, log4j-2.1, log4j-2.1-rc2, …
- osv-coords315 versionspkg:apk/chainguard/airflow-3pkg:apk/chainguard/akhqpkg:apk/chainguard/apache-activemq-6.1pkg:apk/chainguard/apache-activemq-artemispkg:apk/chainguard/apache-activemq-artemis-compatpkg:apk/chainguard/apache-activemq-fips-6.1pkg:apk/chainguard/apache-hoppkg:apk/chainguard/apache-hop-fipspkg:apk/chainguard/apache-pulsarpkg:apk/chainguard/apache-tika-2.9pkg:apk/chainguard/apache-tika-3.0pkg:apk/chainguard/apache-tika-3.0-compatpkg:apk/chainguard/apache-tika-3.1pkg:apk/chainguard/apache-tika-3.1-compatpkg:apk/chainguard/apache-tika-3.2pkg:apk/chainguard/apache-tika-3.2-compatpkg:apk/chainguard/apache-tika-fips-2.9pkg:apk/chainguard/apache-tika-fips-2.9-compatpkg:apk/chainguard/apache-tika-fips-3.0pkg:apk/chainguard/apache-tika-fips-3.0-compatpkg:apk/chainguard/apache-tika-fips-3.1pkg:apk/chainguard/apache-tika-fips-3.1-compatpkg:apk/chainguard/apache-tika-fips-3.2pkg:apk/chainguard/apache-tika-fips-3.2-compatpkg:apk/chainguard/camunda-zeebe-8.3pkg:apk/chainguard/camunda-zeebe-8.3-compatpkg:apk/chainguard/camunda-zeebe-8.4pkg:apk/chainguard/camunda-zeebe-8.4-compatpkg:apk/chainguard/camunda-zeebe-8.5pkg:apk/chainguard/camunda-zeebe-8.5-compatpkg:apk/chainguard/camunda-zeebe-8.6-compatpkg:apk/chainguard/camunda-zeebe-8.7pkg:apk/chainguard/camunda-zeebe-8.7-compatpkg:apk/chainguard/camunda-zeebe-8.8pkg:apk/chainguard/camunda-zeebe-8.8-compatpkg:apk/chainguard/celeborn-0.5pkg:apk/chainguard/celeborn-0.5-compatpkg:apk/chainguard/celeborn-0.6pkg:apk/chainguard/celeborn-0.6-compatpkg:apk/chainguard/commercial-elasticsearch-8.19pkg:apk/chainguard/commercial-elasticsearch-9.2pkg:apk/chainguard/commercial-elasticsearch-9.3pkg:apk/chainguard/commercial-elasticsearch-9.4pkg:apk/chainguard/confluent-kafkapkg:apk/chainguard/confluent-kafka-jre-bcfipspkg:apk/chainguard/druidpkg:apk/chainguard/druid-compatpkg:apk/chainguard/elasticsearch-8.19pkg:apk/chainguard/elasticsearch-8.19-iamguardedpkg:apk/chainguard/elasticsearch-9.1pkg:apk/chainguard/elasticsearch-9.1-iamguardedpkg:apk/chainguard/elasticsearch-9.2pkg:apk/chainguard/elasticsearch-9.2-iamguardedpkg:apk/chainguard/elasticsearch-9.3pkg:apk/chainguard/elasticsearch-9.3-iamguardedpkg:apk/chainguard/elasticsearch-fips-8.19pkg:apk/chainguard/elasticsearch-fips-9.0pkg:apk/chainguard/elasticsearch-fips-9.0-bitnamipkg:apk/chainguard/elasticsearch-fips-9.1pkg:apk/chainguard/elasticsearch-fips-9.2pkg:apk/chainguard/elasticsearch-fips-9.3pkg:apk/chainguard/flink-1.19pkg:apk/chainguard/flink-1.19-compatpkg:apk/chainguard/flink-1.20pkg:apk/chainguard/flink-2.0pkg:apk/chainguard/flink-2.0-compatpkg:apk/chainguard/flink-2.1pkg:apk/chainguard/flink-2.1-compatpkg:apk/chainguard/flink-2.2pkg:apk/chainguard/flink-2.2-compatpkg:apk/chainguard/geoserver-2.27pkg:apk/chainguard/geoserver-2.27-communitypkg:apk/chainguard/geoserver-2.27-dockerpkg:apk/chainguard/geoserver-2.28pkg:apk/chainguard/geoserver-2.28-communitypkg:apk/chainguard/geoserver-2.28-dockerpkg:apk/chainguard/ghidrapkg:apk/chainguard/infinispan-15.0-compatpkg:apk/chainguard/infinispan-15.0-imagespkg:apk/chainguard/infinispan-15.1pkg:apk/chainguard/infinispan-15.1-compatpkg:apk/chainguard/infinispan-15.1-imagespkg:apk/chainguard/infinispan-15.2pkg:apk/chainguard/infinispan-15.2-compatpkg:apk/chainguard/infinispan-15.2-imagespkg:apk/chainguard/kafka-4.0pkg:apk/chainguard/kafka-4.1pkg:apk/chainguard/kafka-bitnami-compat-4.0pkg:apk/chainguard/kafka-bridgepkg:apk/chainguard/kafka-bridge-compatpkg:apk/chainguard/kafka-bridge-fipspkg:apk/chainguard/kafka-bridge-fips-compatpkg:apk/chainguard/kafka_exporter-strimzi-compatpkg:apk/chainguard/kafka-iamguarded-compat-4.0pkg:apk/chainguard/kafka-iamguarded-compat-4.1pkg:apk/chainguard/kafka-strimzi-compatpkg:apk/chainguard/kserve-modelmeshpkg:apk/chainguard/kserve-modelmesh-compatpkg:apk/chainguard/logstash-8.19pkg:apk/chainguard/logstash-8.19-iamguarded-compatpkg:apk/chainguard/logstash-8.19-with-output-opensearchpkg:apk/chainguard/logstash-9.0pkg:apk/chainguard/logstash-9.0-iamguarded-compatpkg:apk/chainguard/logstash-9.0-with-output-opensearchpkg:apk/chainguard/logstash-9.1pkg:apk/chainguard/logstash-9.1-bitnami-compatpkg:apk/chainguard/logstash-9.1-iamguarded-compatpkg:apk/chainguard/logstash-9.1-with-output-opensearchpkg:apk/chainguard/logstash-9.2pkg:apk/chainguard/logstash-9.2-iamguarded-compatpkg:apk/chainguard/logstash-9.2-with-output-opensearchpkg:apk/chainguard/neo4j-2025.05pkg:apk/chainguard/neo4j-2025.05-docker-publishpkg:apk/chainguard/neo4j-2025.06pkg:apk/chainguard/neo4j-2025.06-browserpkg:apk/chainguard/neo4j-2025.06-docker-publishpkg:apk/chainguard/neo4j-2025.07pkg:apk/chainguard/neo4j-2025.07-browserpkg:apk/chainguard/neo4j-2025.07-docker-publishpkg:apk/chainguard/neo4j-2025.08pkg:apk/chainguard/neo4j-2025.08-browserpkg:apk/chainguard/neo4j-2025.08-docker-publishpkg:apk/chainguard/neo4j-2025.09-browserpkg:apk/chainguard/neo4j-2025.09-docker-publishpkg:apk/chainguard/neo4j-2025.10pkg:apk/chainguard/neo4j-2025.10-browserpkg:apk/chainguard/neo4j-2025.10-docker-publishpkg:apk/chainguard/neo4j-5.26-docker-publishpkg:apk/chainguard/neo4j-5.26-oci-entrypointpkg:apk/chainguard/nuxeo-2023pkg:apk/chainguard/opensearch-2pkg:apk/chainguard/opensearch-2-performance-analyzerpkg:apk/chainguard/opensearch-3pkg:apk/chainguard/opensearch-fips-3pkg:apk/chainguard/prometheus-jmx-exporter-strimzi-compatpkg:apk/chainguard/py3.10-vllm-cuda-12.4pkg:apk/chainguard/py3.12-vllm-cuda-12.4pkg:apk/chainguard/pyspark-scala-2.13pkg:apk/chainguard/solrpkg:apk/chainguard/spark-3.5pkg:apk/chainguard/spark-3.5-bitnami-compatpkg:apk/chainguard/spark-3.5-compatpkg:apk/chainguard/spark-3.5-minimalpkg:apk/chainguard/spark-3.5-minimal-openjdk-11pkg:apk/chainguard/spark-3.5-minimal-openjdk-17pkg:apk/chainguard/spark-3.5-minimal-openjdk-8pkg:apk/chainguard/spark-3.5-openjdk-11pkg:apk/chainguard/spark-3.5-openjdk-17pkg:apk/chainguard/spark-3.5-openjdk-8pkg:apk/chainguard/spark-3.5-scala-2.12pkg:apk/chainguard/spark-3.5-scala-2.12-bitnami-compatpkg:apk/chainguard/spark-3.5-scala-2.12-compatpkg:apk/chainguard/spark-3.5-scala-2.12-iamguarded-compatpkg:apk/chainguard/spark-3.5-scala-2.12-minimal-openjdk-11pkg:apk/chainguard/spark-3.5-scala-2.12-minimal-openjdk-17pkg:apk/chainguard/spark-3.5-scala-2.12-minimal-openjdk-8pkg:apk/chainguard/spark-3.5-scala-2.12-openjdk-11pkg:apk/chainguard/spark-3.5-scala-2.12-openjdk-17pkg:apk/chainguard/spark-3.5-scala-2.12-openjdk-8pkg:apk/chainguard/spark-3.5-scala-2.13pkg:apk/chainguard/spark-3.5-scala-2.13-compatpkg:apk/chainguard/spark-3.5-scala-2.13-openjdk-11pkg:apk/chainguard/spark-3.5-scala-2.13-openjdk-17pkg:apk/chainguard/spark-3.5-scala-2.13-openjdk-8pkg:apk/chainguard/spark-4.0pkg:apk/chainguard/spark-4.0-scala-2.13pkg:apk/chainguard/spark-4.0-scala-2.13-compatpkg:apk/chainguard/spark-fips-3.5pkg:apk/chainguard/spark-fips-3.5-scala-2.12pkg:apk/chainguard/spark-fips-3.5-scala-2.12-compatpkg:apk/chainguard/spark-fips-3.5-scala-2.13pkg:apk/chainguard/spark-fips-3.5-scala-2.13-compatpkg:apk/chainguard/strimzi-kafka-operatorpkg:apk/chainguard/strimzi-kafka-operator-cluster-operatorpkg:apk/chainguard/strimzi-kafka-operator-kafka-agentpkg:apk/chainguard/strimzi-kafka-operator-kafka-agent-3pkg:apk/chainguard/strimzi-kafka-operator-kafka-basepkg:apk/chainguard/strimzi-kafka-operator-kafka-initpkg:apk/chainguard/strimzi-kafka-operator-kafka-thirdparty-libspkg:apk/chainguard/strimzi-kafka-operator-kafka-thirdparty-libs-ccpkg:apk/chainguard/strimzi-kafka-operator-mirror-maker-agentpkg:apk/chainguard/strimzi-kafka-operator-topic-operatorpkg:apk/chainguard/strimzi-kafka-operator-tracing-agentpkg:apk/chainguard/strimzi-kafka-operator-user-operatorpkg:apk/chainguard/tritonserver-backend-vllm-cuda-12.9pkg:apk/chainguard/wavefront-proxypkg:apk/chainguard/wavefront-proxy-compatpkg:apk/chainguard/wavefront-proxy-configpkg:apk/chainguard/wavefront-proxy-licensespkg:apk/chainguard/wavefront-proxy-oci-entrypointpkg:apk/chainguard/wso2ispkg:apk/chainguard/zipkinpkg:apk/chainguard/zipkin-oci-entrypointpkg:apk/chainguard/zipkin-slimpkg:apk/wolfi/airflow-3pkg:apk/wolfi/akhqpkg:apk/wolfi/apache-activemq-artemispkg:apk/wolfi/apache-activemq-artemis-compatpkg:apk/wolfi/apache-pulsarpkg:apk/wolfi/apache-tika-3.0pkg:apk/wolfi/apache-tika-3.0-compatpkg:apk/wolfi/apache-tika-3.1pkg:apk/wolfi/apache-tika-3.1-compatpkg:apk/wolfi/apache-tika-3.2pkg:apk/wolfi/apache-tika-3.2-compatpkg:apk/wolfi/celeborn-0.5pkg:apk/wolfi/celeborn-0.5-compatpkg:apk/wolfi/celeborn-0.6pkg:apk/wolfi/celeborn-0.6-compatpkg:apk/wolfi/confluent-kafkapkg:apk/wolfi/druidpkg:apk/wolfi/druid-compatpkg:apk/wolfi/flink-1.20pkg:apk/wolfi/flink-2.0pkg:apk/wolfi/flink-2.0-compatpkg:apk/wolfi/flink-2.1pkg:apk/wolfi/flink-2.1-compatpkg:apk/wolfi/flink-2.2pkg:apk/wolfi/flink-2.2-compatpkg:apk/wolfi/infinispan-15.2pkg:apk/wolfi/infinispan-15.2-compatpkg:apk/wolfi/infinispan-15.2-imagespkg:apk/wolfi/kafka-4.0pkg:apk/wolfi/kafka-4.1pkg:apk/wolfi/kafka-bitnami-compat-4.0pkg:apk/wolfi/kafka_exporter-strimzi-compatpkg:apk/wolfi/kafka-iamguarded-compat-4.0pkg:apk/wolfi/kafka-iamguarded-compat-4.1pkg:apk/wolfi/kafka-strimzi-compatpkg:apk/wolfi/kserve-modelmeshpkg:apk/wolfi/kserve-modelmesh-compatpkg:apk/wolfi/logstash-9.1pkg:apk/wolfi/logstash-9.1-bitnami-compatpkg:apk/wolfi/logstash-9.1-iamguarded-compatpkg:apk/wolfi/logstash-9.1-with-output-opensearchpkg:apk/wolfi/logstash-9.2pkg:apk/wolfi/logstash-9.2-iamguarded-compatpkg:apk/wolfi/logstash-9.2-with-output-opensearchpkg:apk/wolfi/neo4j-2025.05pkg:apk/wolfi/neo4j-2025.05-docker-publishpkg:apk/wolfi/neo4j-2025.06pkg:apk/wolfi/neo4j-2025.06-browserpkg:apk/wolfi/neo4j-2025.06-docker-publishpkg:apk/wolfi/neo4j-2025.07pkg:apk/wolfi/neo4j-2025.07-browserpkg:apk/wolfi/neo4j-2025.07-docker-publishpkg:apk/wolfi/neo4j-2025.08pkg:apk/wolfi/neo4j-2025.08-browserpkg:apk/wolfi/neo4j-2025.08-docker-publishpkg:apk/wolfi/neo4j-2025.09-browserpkg:apk/wolfi/neo4j-2025.09-docker-publishpkg:apk/wolfi/neo4j-2025.10pkg:apk/wolfi/neo4j-2025.10-browserpkg:apk/wolfi/neo4j-2025.10-docker-publishpkg:apk/wolfi/neo4j-5.26-docker-publishpkg:apk/wolfi/neo4j-5.26-oci-entrypointpkg:apk/wolfi/opensearch-2pkg:apk/wolfi/opensearch-2-performance-analyzerpkg:apk/wolfi/opensearch-3pkg:apk/wolfi/prometheus-jmx-exporter-strimzi-compatpkg:apk/wolfi/pyspark-scala-2.13pkg:apk/wolfi/solrpkg:apk/wolfi/spark-3.5pkg:apk/wolfi/spark-3.5-bitnami-compatpkg:apk/wolfi/spark-3.5-compatpkg:apk/wolfi/spark-3.5-minimalpkg:apk/wolfi/spark-3.5-minimal-openjdk-11pkg:apk/wolfi/spark-3.5-minimal-openjdk-17pkg:apk/wolfi/spark-3.5-minimal-openjdk-8pkg:apk/wolfi/spark-3.5-openjdk-11pkg:apk/wolfi/spark-3.5-openjdk-17pkg:apk/wolfi/spark-3.5-openjdk-8pkg:apk/wolfi/spark-3.5-scala-2.12pkg:apk/wolfi/spark-3.5-scala-2.12-bitnami-compatpkg:apk/wolfi/spark-3.5-scala-2.12-compatpkg:apk/wolfi/spark-3.5-scala-2.12-iamguarded-compatpkg:apk/wolfi/spark-3.5-scala-2.12-minimal-openjdk-11pkg:apk/wolfi/spark-3.5-scala-2.12-minimal-openjdk-17pkg:apk/wolfi/spark-3.5-scala-2.12-minimal-openjdk-8pkg:apk/wolfi/spark-3.5-scala-2.12-openjdk-11pkg:apk/wolfi/spark-3.5-scala-2.12-openjdk-17pkg:apk/wolfi/spark-3.5-scala-2.12-openjdk-8pkg:apk/wolfi/spark-3.5-scala-2.13pkg:apk/wolfi/spark-3.5-scala-2.13-compatpkg:apk/wolfi/spark-3.5-scala-2.13-openjdk-11pkg:apk/wolfi/spark-3.5-scala-2.13-openjdk-17pkg:apk/wolfi/spark-3.5-scala-2.13-openjdk-8pkg:apk/wolfi/spark-4.0pkg:apk/wolfi/spark-4.0-scala-2.13pkg:apk/wolfi/spark-4.0-scala-2.13-compatpkg:apk/wolfi/strimzi-kafka-operatorpkg:apk/wolfi/strimzi-kafka-operator-cluster-operatorpkg:apk/wolfi/strimzi-kafka-operator-kafka-agentpkg:apk/wolfi/strimzi-kafka-operator-kafka-agent-3pkg:apk/wolfi/strimzi-kafka-operator-kafka-basepkg:apk/wolfi/strimzi-kafka-operator-kafka-initpkg:apk/wolfi/strimzi-kafka-operator-kafka-thirdparty-libspkg:apk/wolfi/strimzi-kafka-operator-kafka-thirdparty-libs-ccpkg:apk/wolfi/strimzi-kafka-operator-mirror-maker-agentpkg:apk/wolfi/strimzi-kafka-operator-topic-operatorpkg:apk/wolfi/strimzi-kafka-operator-tracing-agentpkg:apk/wolfi/strimzi-kafka-operator-user-operatorpkg:apk/wolfi/wavefront-proxypkg:apk/wolfi/wavefront-proxy-compatpkg:apk/wolfi/wavefront-proxy-configpkg:apk/wolfi/wavefront-proxy-licensespkg:apk/wolfi/wavefront-proxy-oci-entrypointpkg:apk/wolfi/zipkinpkg:apk/wolfi/zipkin-oci-entrypointpkg:apk/wolfi/zipkin-slimpkg:maven/org.apache.logging.log4j/log4j-corepkg:rpm/opensuse/coredns&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/log4j&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/log4j&distro=openSUSE%20Tumbleweedpkg:rpm/suse/log4j&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
< 3.2.0-r0+ 314 more
- (no CPE)range: < 3.2.0-r0
- (no CPE)range: < 0.27.0-r1
- (no CPE)range: < 6.1.8-r3
- (no CPE)range: < 2.44.0-r2
- (no CPE)range: < 2.44.0-r2
- (no CPE)range: < 6.1.8-r3
- (no CPE)range: < 2.16.0-r2
- (no CPE)range: < 2.16.0-r2
- (no CPE)range: < 4.1.3-r0
- (no CPE)range: < 2.9.4-r7
- (no CPE)range: < 3.0.0-r20
- (no CPE)range: < 3.0.0-r20
- (no CPE)range: < 3.1.0-r17
- (no CPE)range: < 3.1.0-r17
- (no CPE)range: < 3.2.3-r2
- (no CPE)range: < 3.2.3-r2
- (no CPE)range: < 2.9.4-r2
- (no CPE)range: < 2.9.4-r2
- (no CPE)range: < 3.0.0-r3
- (no CPE)range: < 3.0.0-r3
- (no CPE)range: < 3.1.0-r3
- (no CPE)range: < 3.1.0-r3
- (no CPE)range: < 3.2.3-r2
- (no CPE)range: < 3.2.3-r2
- (no CPE)range: < 8.3.22-r11
- (no CPE)range: < 8.3.22-r11
- (no CPE)range: < 8.4.21-r10
- (no CPE)range: < 8.4.21-r10
- (no CPE)range: < 8.5.25-r3
- (no CPE)range: < 8.5.25-r3
- (no CPE)range: < 8.6.34-r2
- (no CPE)range: < 8.7.21-r2
- (no CPE)range: < 8.7.21-r2
- (no CPE)range: < 8.8.8-r2
- (no CPE)range: < 8.8.8-r2
- (no CPE)range: < 0.5.4-r13
- (no CPE)range: < 0.5.4-r13
- (no CPE)range: < 0.6.2-r3
- (no CPE)range: < 0.6.2-r3
- (no CPE)range: < 8.19.14-r0
- (no CPE)range: < 9.2.8-r0
- (no CPE)range: < 9.3.3-r0
- (no CPE)range: < 9.4.2-r0
- (no CPE)range: < 8.3.0.99-r0
- (no CPE)range: < 8.3.0.113-r1
- (no CPE)range: < 35.0.1-r2
- (no CPE)range: < 35.0.1-r2
- (no CPE)range: < 8.19.14-r2
- (no CPE)range: < 8.19.14-r2
- (no CPE)range: < 9.1.10-r5
- (no CPE)range: < 9.1.10-r5
- (no CPE)range: < 9.2.8-r3
- (no CPE)range: < 9.2.8-r3
- (no CPE)range: < 9.3.0-r2
- (no CPE)range: < 9.3.0-r2
- (no CPE)range: < 8.19.13-r4
- (no CPE)range: < 9.0.8-r15
- (no CPE)range: < 9.0.8-r15
- (no CPE)range: < 9.1.10-r12
- (no CPE)range: < 9.2.7-r2
- (no CPE)range: < 9.3.0-r2
- (no CPE)range: < 1.19.3-r3
- (no CPE)range: < 1.19.3-r3
- (no CPE)range: < 1.20.3-r1
- (no CPE)range: < 2.0.1-r2
- (no CPE)range: < 2.0.1-r2
- (no CPE)range: < 2.1.1-r2
- (no CPE)range: < 2.1.1-r2
- (no CPE)range: < 2.2.0-r1
- (no CPE)range: < 2.2.0-r1
- (no CPE)range: < 2.27.4-r1
- (no CPE)range: < 2.27.4-r1
- (no CPE)range: < 2.27.4-r1
- (no CPE)range: < 2.28.1-r3
- (no CPE)range: < 2.28.1-r3
- (no CPE)range: < 2.28.1-r3
- (no CPE)range: < 12.0-r1
- (no CPE)range: < 15.0.21-r3
- (no CPE)range: < 15.0.21-r3
- (no CPE)range: < 15.1.7-r5
- (no CPE)range: < 15.1.7-r5
- (no CPE)range: < 15.1.7-r5
- (no CPE)range: < 15.2.6-r3
- (no CPE)range: < 15.2.6-r3
- (no CPE)range: < 15.2.6-r3
- (no CPE)range: < 4.0.1-r2
- (no CPE)range: < 4.1.1-r1
- (no CPE)range: < 4.0.1-r2
- (no CPE)range: < 0.33.1-r7
- (no CPE)range: < 0.33.1-r7
- (no CPE)range: < 0.33.1-r2
- (no CPE)range: < 0.33.1-r2
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 4.0.1-r2
- (no CPE)range: < 4.1.1-r1
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.12.0-r20
- (no CPE)range: < 0.12.0-r20
- (no CPE)range: < 8.19.14-r3
- (no CPE)range: < 8.19.14-r3
- (no CPE)range: < 8.19.14-r3
- (no CPE)range: < 9.0.8-r20
- (no CPE)range: < 9.0.8-r20
- (no CPE)range: < 9.0.8-r20
- (no CPE)range: < 9.1.10-r6
- (no CPE)range: < 9.1.10-r6
- (no CPE)range: < 9.1.10-r6
- (no CPE)range: < 9.1.10-r6
- (no CPE)range: < 9.2.7-r0
- (no CPE)range: < 9.2.7-r0
- (no CPE)range: < 9.2.7-r0
- (no CPE)range: < 2025.05.1-r11
- (no CPE)range: < 2025.05.1-r11
- (no CPE)range: < 2025.06.2-r11
- (no CPE)range: < 2025.06.2-r11
- (no CPE)range: < 2025.06.2-r11
- (no CPE)range: < 2025.07.1-r10
- (no CPE)range: < 2025.07.1-r10
- (no CPE)range: < 2025.07.1-r10
- (no CPE)range: < 2025.08.0-r8
- (no CPE)range: < 2025.08.0-r8
- (no CPE)range: < 2025.08.0-r8
- (no CPE)range: < 2025.09.0-r5
- (no CPE)range: < 2025.09.0-r5
- (no CPE)range: < 2025.10.1-r3
- (no CPE)range: < 2025.10.1-r3
- (no CPE)range: < 2025.10.1-r3
- (no CPE)range: < 5.26.18-r2
- (no CPE)range: < 5.26.18-r2
- (no CPE)range: < 2023.40-r3
- (no CPE)range: < 2.19.4-r6
- (no CPE)range: < 2.19.4-r12
- (no CPE)range: < 3.5.0-r0
- (no CPE)range: < 3.5.0-r0
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.16.0-r1
- (no CPE)range: < 0.16.0-r1
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 9.10.1-r0
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 4.0.1-r4
- (no CPE)range: < 4.0.1-r4
- (no CPE)range: < 4.0.1-r4
- (no CPE)range: < 3.5.4-r19
- (no CPE)range: < 3.5.4-r19
- (no CPE)range: < 3.5.4-r19
- (no CPE)range: < 3.5.4-r19
- (no CPE)range: < 3.5.4-r19
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 25.9.0_git20251112-r7
- (no CPE)range: < 13.9-r2
- (no CPE)range: < 13.9-r2
- (no CPE)range: < 13.9-r2
- (no CPE)range: < 13.9-r2
- (no CPE)range: < 13.9-r2
- (no CPE)range: < 7.3.0-r0
- (no CPE)range: < 3.5.1-r10
- (no CPE)range: < 3.5.1-r10
- (no CPE)range: < 3.5.1-r10
- (no CPE)range: < 3.2.0-r0
- (no CPE)range: < 0.27.0-r1
- (no CPE)range: < 2.44.0-r2
- (no CPE)range: < 2.44.0-r2
- (no CPE)range: < 4.1.3-r0
- (no CPE)range: < 3.0.0-r20
- (no CPE)range: < 3.0.0-r20
- (no CPE)range: < 3.1.0-r17
- (no CPE)range: < 3.1.0-r17
- (no CPE)range: < 3.2.3-r2
- (no CPE)range: < 3.2.3-r2
- (no CPE)range: < 0.5.4-r13
- (no CPE)range: < 0.5.4-r13
- (no CPE)range: < 0.6.2-r3
- (no CPE)range: < 0.6.2-r3
- (no CPE)range: < 8.3.0.99-r0
- (no CPE)range: < 35.0.1-r2
- (no CPE)range: < 35.0.1-r2
- (no CPE)range: < 1.20.3-r1
- (no CPE)range: < 2.0.1-r2
- (no CPE)range: < 2.0.1-r2
- (no CPE)range: < 2.1.1-r2
- (no CPE)range: < 2.1.1-r2
- (no CPE)range: < 2.2.0-r1
- (no CPE)range: < 2.2.0-r1
- (no CPE)range: < 15.2.6-r3
- (no CPE)range: < 15.2.6-r3
- (no CPE)range: < 15.2.6-r3
- (no CPE)range: < 4.0.1-r2
- (no CPE)range: < 4.1.1-r1
- (no CPE)range: < 4.0.1-r2
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 4.0.1-r2
- (no CPE)range: < 4.1.1-r1
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.12.0-r20
- (no CPE)range: < 0.12.0-r20
- (no CPE)range: < 9.1.10-r6
- (no CPE)range: < 9.1.10-r6
- (no CPE)range: < 9.1.10-r6
- (no CPE)range: < 9.1.10-r6
- (no CPE)range: < 9.2.7-r0
- (no CPE)range: < 9.2.7-r0
- (no CPE)range: < 9.2.7-r0
- (no CPE)range: < 2025.05.1-r11
- (no CPE)range: < 2025.05.1-r11
- (no CPE)range: < 2025.06.2-r11
- (no CPE)range: < 2025.06.2-r11
- (no CPE)range: < 2025.06.2-r11
- (no CPE)range: < 2025.07.1-r10
- (no CPE)range: < 2025.07.1-r10
- (no CPE)range: < 2025.07.1-r10
- (no CPE)range: < 2025.08.0-r8
- (no CPE)range: < 2025.08.0-r8
- (no CPE)range: < 2025.08.0-r8
- (no CPE)range: < 2025.09.0-r5
- (no CPE)range: < 2025.09.0-r5
- (no CPE)range: < 2025.10.1-r3
- (no CPE)range: < 2025.10.1-r3
- (no CPE)range: < 2025.10.1-r3
- (no CPE)range: < 5.26.18-r2
- (no CPE)range: < 5.26.18-r2
- (no CPE)range: < 2.19.4-r6
- (no CPE)range: < 2.19.4-r12
- (no CPE)range: < 3.5.0-r0
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 9.10.1-r0
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 3.5.7-r5
- (no CPE)range: < 4.0.1-r4
- (no CPE)range: < 4.0.1-r4
- (no CPE)range: < 4.0.1-r4
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 0.49.1-r2
- (no CPE)range: < 13.9-r2
- (no CPE)range: < 13.9-r2
- (no CPE)range: < 13.9-r2
- (no CPE)range: < 13.9-r2
- (no CPE)range: < 13.9-r2
- (no CPE)range: < 3.5.1-r10
- (no CPE)range: < 3.5.1-r10
- (no CPE)range: < 3.5.1-r10
- (no CPE)range: >= 2.0-beta9, < 2.25.3
- (no CPE)range: < 1.14.0-bp160.1.1
- (no CPE)range: < 2.20.0-150200.4.30.1
- (no CPE)range: < 2.20.0-1.1
- (no CPE)range: < 2.20.0-150200.4.30.1
Patches
Vulnerability mechanics
References
10- github.com/apache/logging-log4j2/pull/4002ghsapatchWEB
- github.com/advisories/GHSA-vc5p-v9hr-52mjghsaADVISORY
- lists.apache.org/thread/xr33kyxq3sl67lwb61ggvm1fzc8k7dvxghsavendor-advisoryWEB
- logging.apache.org/cyclonedx/vdr.xmlghsavendor-advisoryWEB
- logging.apache.org/security.htmlghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2025-68161ghsaADVISORY
- www.openwall.com/lists/oss-security/2025/12/18/1ghsaWEB
- github.com/apache/logging-log4j2/commit/3b93748497e1adbbd027fda8a5e7268ec5d0d578ghsaWEB
- logging.apache.org/log4j/2.x/manual/appenders/network.htmlghsarelatedWEB
- logging.apache.org/log4j/2.x/manual/systemproperties.htmlghsarelatedWEB
News mentions
1- SAP Security Patch Day – Critical Vulnerabilities in SAP NetWeaver PatchedCyber Security News · Jun 9, 2026