By rssfeeds-admin The newly discovered flaw, tracked as CVE-2025-68161, enables attackers to intercept or redirect sensitive log data by exploiting a weakness in how the software handles secure connections.
Vulnerability Overview
The vulnerability affects the Socket Appender component in Apache Log4j Core, which is responsible for sending log data over networks to central servers.
The flaw stems from missing TLS hostname verification, a critical security control that should validate server identity during secure connections.
Security researchers discovered that Log4j versions 2.0-beta9 through 2.25.2 fail to perform proper hostname verification, even when administrators explicitly enable the verifyHostName setting or the system property log4j2.sslVerifyHostName.
The software essentially ignores instructions to verify the server’s identity.
| Metric | Details |
|---|---|
| CVE ID | CVE-2025-68161 |
| Vulnerability Type | Missing TLS Hostname Verification |
| Affected Component | Apache Log4j Core |
| Affected Versions | 2.0-beta9 through 2.25.2 |
| Fixed Version | 2.25.3 |
| CVSS Score | 6.3 (Medium) |
This oversight creates an opening for Man-in-the-Middle (MitM) attacks. If attackers position themselves between client applications and log servers, they can intercept traffic using only a valid certificate issued by a trusted authority.
Because Log4j fails to verify that the certificate name matches the intended destination, it mistakenly trusts the attacker’s server and sends log data to it directly.
The impact is substantial because application logs often contain highly sensitive technical details, debugging information, and, in some cases, user data.
If intercepted, this information could help attackers map internal networks and identify additional vulnerabilities to exploit.
Security researcher Samuli Leinonen discovered the vulnerability and reported it through the Apache Log4j Bug Bounty Program.
In response, the Apache team released Log4j Core version 2.25.3, which fully resolves the issue by enforcing proper hostname verification.
Users are strongly advised to upgrade immediately. For organizations unable to upgrade immediately, administrators should restrict the trust store to only the certificates required for their communication, significantly reducing the likelihood that an attacker’s certificate will be accepted.
Organizations relying on Log4j should prioritize this update to ensure their log data remains secure against interception attacks.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
The post Apache Log4j Vulnerability Allows Attackers to Intercept Sensitive Log Data appeared first on Cyber Security News.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.