The flaw resides in the Socket Appender component of Log4j Core and affects versions 2.0-beta9 through 2.25.2, creating a man-in-the-middle attack vector.
The Socket Appender in affected Log4j versions fails to properly verify the TLS hostname of peer certificates, even when administrators explicitly enable the verification feature through configuration.
This oversight allows an attacker positioned between a client and a log receiver to intercept or redirect sensitive logging traffic. The vulnerability requires specific conditions to exploit.
| CVE ID | Component | Affected Versions | CVSS Score | Issue |
|---|---|---|---|---|
| CVE-2025-68161 | Apache Log4j Core | 2.0-beta9 through 2.25.2 | 6.3 | Missing TLS hostname verification in Socket appender |
Attackers must intercept network traffic between the client and the log receiver while presenting a server certificate issued by a trusted certification authority.
If the Socket Appender trusts that certificate through its configured trust store, the attack succeeds, potentially exposing mission-critical log data.
Logging frameworks handle sensitive information by design, including user activities, system events, and application behavior data. Log files often contain sensitive information that organizations must protect.
This vulnerability undermines that protection by allowing unauthorized third parties to access log streams without detection.
The Apache Logging Services Security Team assigned this issue a CVSS 4.0 score of 6.3, classified as MEDIUM severity.
The scoring reflects the attack complexity and specific prerequisites required for successful exploitation.
Apache has released version 2.25.3 of Log4j Core, which addresses this TLS hostname verification issue.
Organizations using affected versions should prioritize upgrading immediately to secure their logging infrastructure.
For systems unable to upgrade immediately, Apache recommends carefully restricting the use of trust stores.
Following NIST SP 800-52 Rev. 2 guidelines, administrators should configure trust stores to contain only the necessary CA certificates required for specific communication scopes, such as private or enterprise CAs.
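As an added illustration (not from the advisory or the Log4j project), the following Log4j 2 configuration applies that trust-store scoping to a Socket Appender: the receiver hostname, port, file path and environment variable are constructed placeholders, and `verifyHostName` is assumed to be the `Ssl` element's attribute for the verification feature the advisory refers to.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not part of the advisory or the Log4j project.
     Hostname, port, path and environment variable are constructed placeholders. -->
<Configuration status="WARN">
  <Appenders>
    <!-- Ship log events to the central receiver over TLS. -->
    <Socket name="tlsSocket" host="logs.corp.example" port="6514" protocol="SSL">
      <PatternLayout pattern="%d{ISO8601} %-5p [%t] %c - %m%n"/>
      <!-- verifyHostName is assumed to be the attribute that enables peer
           hostname verification; per the advisory it is not honored on
           2.25.2 and earlier, so it is a defense only once 2.25.3 is deployed. -->
      <Ssl protocol="TLS" verifyHostName="true">
        <!-- Compensating control from the advisory: trust only the private CA
             that issued the log receiver's certificate, not the JVM-wide
             cacerts bundle, so a certificate from any other trusted public CA
             is rejected even where hostname verification is skipped. -->
        <TrustStore location="/etc/app/tls/log-receiver-ca.p12"
                    type="PKCS12"
                    password="${env:LOG_TRUSTSTORE_PASSWORD}"/>
      </Ssl>
    </Socket>
  </Appenders>
  <Loggers>
    <Root level="info">
      <AppenderRef ref="tlsSocket"/>
    </Root>
  </Loggers>
</Configuration>
```

The trust store file should contain only the private CA certificate for the log receiver; the JVM default trust store is not consulted when a `TrustStore` element is given.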
The Logging Services Security Team maintains a comprehensive security vulnerability disclosure program.
The organization prioritizes accuracy, completeness, and availability of security information through its centralized vulnerability tracking system and Vulnerability Disclosure Report published at logging.apache.org.
Organizations relying on Log4j should review their current versions and implement necessary updates promptly.
The Apache Logging Services team continues to monitor dependencies and address security threats affecting its widely deployed logging solutions used across enterprise applications globally.
The post Apache Log4j Vulnerability Allow Attackers to Intercept Sensitive Log Data appeared first on Cyber Security News.