Log4J CVE Vulnerabilities

By Apache1 known vulnerabilities

Critical
0
High
0
Medium
1
Low
0
None
0

All Log4J CVEs

Recent Highest Score Oldest
CVE-2025-68161
4.8 medium

The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName configuration attribut

Dec 18, 2025