Apache Logging Services has disclosed a critical security vulnerability in Log4j Core that exposes applications to potential interception of log data.
The flaw resides in the Socket Appender component. It affects versions 2.0-beta9 through 2.25.2, creating a man-in-the-middle attack vector for malicious actors.
The Socket Appender in affected Log4j versions fails to verify the TLS hostname of peer certificates properly. Even when administrators explicitly enable the verification feature through configuration.
This oversight allows attackers positioned between a client and a log receiver to intercept or redirect sensitive logging traffic. The vulnerability requires specific conditions to exploit.
| CVE ID | Component | Affected Versions | CVSS Score | Issue |
|---|---|---|---|---|
| CVE-2025-68161 | Apache Log4j Core | 2.0-beta9 through 2.25.2 | 6.3 | Missing TLS hostname verification in Socket appender |
Attackers must intercept network traffic between the client and the log receiver while presenting a server certificate issued by a trusted certification authority.
If the Socket Appender trusts that certificate through its configured trust store, the attack succeeds, potentially exposing mission-critical log data.
Logging frameworks handle sensitive information by design, including user activities, system events, and application behavior data. Log files often contain sensitive information that organizations must protect.
This vulnerability undermines that protection by allowing unauthorized third parties to access log streams without detection.
The Apache Logging Services Security Team assigned this issue a CVSS 4.0 score of 6.3, classified as MEDIUM severity.
The scoring reflects the attack complexity and specific prerequisites required for successful exploitation.
Background on Log4j Security
Apache has released version 2.25.3 of Log4j Core, which thoroughly addresses this TLS hostname verification issue.
Organizations using affected versions should prioritize upgrading immediately to secure their logging infrastructure.
For systems unable to upgrade immediately, Apache recommends carefully restricting the use of trust stores.
Following NIST SP 800-52 Rev. 2 guidelines, administrators should configure trust stores to contain only the necessary CA certificates required for specific communication scopes, such as private or enterprise CAs.
The Logging Services Security Team maintains a comprehensive security vulnerability disclosure program.
The organization prioritizes accuracy, completeness, and availability of security information through its centralized vulnerability tracking system and Vulnerability Disclosure Report published at logging.apache.org.
Organizations relying on Log4j should review their current versions and implement necessary updates promptly.
The Apache Logging Services team continues to monitor dependencies and address security threats affecting its widely deployed logging solutions used across enterprise applications globally.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
