Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/24009?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/24009?format=api", "vulnerability_id": "VCID-gcyx-fdns-k3bt", "summary": "Apache Log4j does not verify the TLS hostname in its Socket Appender\nThe Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the [verifyHostName](https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName) configuration attribute or the [log4j2.sslVerifyHostName](https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName) system property is set to true.\n\nThis issue may allow a man-in-the-middle attacker to intercept or redirect log traffic under the following conditions:\n\n* The attacker is able to intercept or redirect network traffic between the client and the log receiver.\n* The attacker can present a server certificate issued by a certification authority trusted by the Socket Appender’s configured trust store (or by the default Java trust store if no custom trust store is configured).\n\n\nUsers are advised to upgrade to Apache Log4j Core version 2.25.3, which addresses this issue.\n\nAs an alternative mitigation, the Socket Appender may be configured to use a private or restricted trust root to limit the set of trusted certificates.", "aliases": [ { "alias": "CVE-2025-68161" }, { "alias": "GHSA-vc5p-v9hr-52mj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583999?format=api", "purl": "pkg:deb/debian/apache-log4j2@2.17.1-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache-log4j2@2.17.1-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/921503?format=api", "purl": "pkg:deb/debian/apache-log4j2@2.17.1-1~deb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache-log4j2@2.17.1-1~deb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/586336?format=api", "purl": "pkg:deb/debian/apache-log4j2@2.19.0-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gcyx-fdns-k3bt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache-log4j2@2.19.0-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/67066?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-s9nz-6x8z-ykgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038193?format=api", "purl": "pkg:deb/debian/apache-log4j2@2.0~beta9-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74dr-6hxt-tbgu" }, { "vulnerability": "VCID-8977-tjss-w7ba" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-jwav-88m7-6fhz" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" }, { "vulnerability": "VCID-sjuz-dd96-sqe3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache-log4j2@2.0~beta9-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1038194?format=api", "purl": "pkg:deb/debian/apache-log4j2@2.7-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8977-tjss-w7ba" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-jwav-88m7-6fhz" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" }, { "vulnerability": "VCID-sjuz-dd96-sqe3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache-log4j2@2.7-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1038195?format=api", "purl": "pkg:deb/debian/apache-log4j2@2.17.1-1~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache-log4j2@2.17.1-1~deb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1054116?format=api", "purl": "pkg:deb/debian/apache-log4j2@2.17.1-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gcyx-fdns-k3bt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache-log4j2@2.17.1-1~deb11u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/584000?format=api", "purl": "pkg:deb/debian/apache-log4j2@2.19.0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gcyx-fdns-k3bt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache-log4j2@2.19.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/586336?format=api", "purl": "pkg:deb/debian/apache-log4j2@2.19.0-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gcyx-fdns-k3bt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache-log4j2@2.19.0-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/67065?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-jwav-88m7-6fhz" }, { "vulnerability": "VCID-khr7-6pza-afab" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta9" }, { "url": "http://public2.vulnerablecode.io/api/packages/205214?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-khr7-6pza-afab" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.0-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/205215?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-khr7-6pza-afab" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.0-rc2" }, { "url": "http://public2.vulnerablecode.io/api/packages/56413?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74dr-6hxt-tbgu" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/198543?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74dr-6hxt-tbgu" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/198544?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74dr-6hxt-tbgu" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/198545?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74dr-6hxt-tbgu" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/198546?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74dr-6hxt-tbgu" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/198547?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74dr-6hxt-tbgu" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/42059?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74dr-6hxt-tbgu" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/42879?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74dr-6hxt-tbgu" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/42877?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74dr-6hxt-tbgu" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-jwav-88m7-6fhz" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/198548?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74dr-6hxt-tbgu" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/198549?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74dr-6hxt-tbgu" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/198550?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74dr-6hxt-tbgu" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/198551?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74dr-6hxt-tbgu" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/198552?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74dr-6hxt-tbgu" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.6.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/198553?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74dr-6hxt-tbgu" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/198554?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74dr-6hxt-tbgu" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/198555?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74dr-6hxt-tbgu" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/73011?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.8.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/205216?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/205217?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/205218?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.10.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/205219?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.11.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/205220?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/205221?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.11.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.11.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/205222?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.12.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/205223?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.12.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.12.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/42060?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.12.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.12.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/42585?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.12.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.12.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/42880?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.12.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.12.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/42878?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-8977-tjss-w7ba" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-jwav-88m7-6fhz" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" }, { "vulnerability": "VCID-sjuz-dd96-sqe3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.13.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/205224?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.13.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/73345?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/275967?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.13.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/275968?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.14.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/275969?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/42058?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.15.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.15.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/42269?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.16.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.16.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/42586?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.17.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/42881?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/859494?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.17.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/859495?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.18.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.18.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/859496?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.19.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.19.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/859497?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.20.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.20.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/859498?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.21.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-s9nz-6x8z-ykgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.21.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/859499?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.21.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-s9nz-6x8z-ykgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.21.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/859500?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.22.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-s9nz-6x8z-ykgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.22.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/859501?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.22.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-s9nz-6x8z-ykgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.22.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/859502?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.23.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-s9nz-6x8z-ykgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.23.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/859503?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.23.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-s9nz-6x8z-ykgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.23.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/859504?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.24.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-s9nz-6x8z-ykgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.24.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/859505?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.24.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-s9nz-6x8z-ykgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.24.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/859506?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.24.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-s9nz-6x8z-ykgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.24.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/859507?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.24.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-s9nz-6x8z-ykgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.24.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/859508?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.25.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-s9nz-6x8z-ykgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.25.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/859509?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.25.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-s9nz-6x8z-ykgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.25.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/859510?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.25.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-s9nz-6x8z-ykgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.25.2" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68161.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68161.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68161", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07453", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07234", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07206", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07215", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07185", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07198", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07418", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07404", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07353", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07424", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09795", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09873", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09847", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09889", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09926", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0992", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09867", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09897", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10799", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10785", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68161", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68161" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/logging-log4j2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/logging-log4j2" }, { "reference_url": "https://github.com/apache/logging-log4j2/commit/3b93748497e1adbbd027fda8a5e7268ec5d0d578", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/logging-log4j2/commit/3b93748497e1adbbd027fda8a5e7268ec5d0d578" }, { "reference_url": "https://github.com/apache/logging-log4j2/pull/4002", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T21:34:24Z/" } ], "url": "https://github.com/apache/logging-log4j2/pull/4002" }, { "reference_url": "https://lists.apache.org/thread/xr33kyxq3sl67lwb61ggvm1fzc8k7dvx", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T21:34:24Z/" } ], "url": "https://lists.apache.org/thread/xr33kyxq3sl67lwb61ggvm1fzc8k7dvx" }, { "reference_url": "https://logging.apache.org/cyclonedx/vdr.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T21:34:24Z/" } ], "url": "https://logging.apache.org/cyclonedx/vdr.xml" }, { "reference_url": "https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T21:34:24Z/" } ], "url": "https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName" }, { "reference_url": "https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T21:34:24Z/" } ], "url": "https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName" }, { "reference_url": "https://logging.apache.org/security.html#CVE-2025-68161", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T21:34:24Z/" } ], "url": "https://logging.apache.org/security.html#CVE-2025-68161" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/12/18/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/12/18/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123744", "reference_id": "1123744", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123744" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423705", "reference_id": "2423705", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423705" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68161", "reference_id": "CVE-2025-68161", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68161" }, { "reference_url": "https://github.com/advisories/GHSA-vc5p-v9hr-52mj", "reference_id": "GHSA-vc5p-v9hr-52mj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vc5p-v9hr-52mj" } ], "weaknesses": [ { "cwe_id": 297, "name": "Improper Validation of Certificate with Host Mismatch", "description": "The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gcyx-fdns-k3bt" }