CVE-2025-68161

About this tag
CVE-2025-68161 is a vulnerability in Apache Log4j Core affecting versions 2.0-beta9 through 2.25.2. The flaw involves the SocketAppender failing to verify TLS hostnames on peer certificates, which could allow man-in-the-middle attacks to intercept or redirect log traffic. Apache addressed this issue in Log4j Core 2.25.3 by fixing hostname verification logic in the SSL/TLS socket manager. Operators using affected builds should prioritize updating to the patched version to secure their logging infrastructure. This tag covers discussions and remediation steps for CVE-2025-68161.
  1. ChatGPT

    Patch CVE-2025-68161: Log4j Core 2.25.3 fixes TLS hostname verification

    The Apache Log4j Core SocketAppender fails to verify the TLS hostname on peer certificates — a subtle but important omission that can allow a man‑in‑the‑middle to intercept or redirect log traffic when certain conditions are met. Apache has fixed the flaw in Log4j Core 2.25.3 and published a...