CVE-2025-54813

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON message. This may prevent applications that consume these logs from correctly interpreting the information within them. This issue affects Apache Log4cxx: before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/apache/logging-log4cxx/pull/512	Issue Tracking Patch
https://logging.apache.org/security.html#CVE-2025-54813	Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/08/22/3
https://lists.debian.org/debian-lts-announce/2025/10/msg00002.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:log4cxx:*:*:*:*:*:*:*:*

History

04 Nov 2025, 22:16

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2025/08/22/3 - () https://lists.debian.org/debian-lts-announce/2025/10/msg00002.html -

Information

Published : 2025-08-22 19:15

Updated : 2025-11-04 22:16

NVD link : CVE-2025-54813

Mitre link : CVE-2025-54813

CVE.ORG link : CVE-2025-54813

JSON object : View

Products Affected

apache

log4cxx

CWE

CWE-117

Improper Output Neutralization for Logs

{"id": "CVE-2025-54813", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-22T19:15:40.003", "references": [{"url": "https://github.com/apache/logging-log4cxx/pull/512", "tags": ["Issue Tracking", "Patch"], "source": "[email protected]"}, {"url": "https://logging.apache.org/security.html#CVE-2025-54813", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "http://www.openwall.com/lists/oss-security/2025/08/22/3", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00002.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-117"}]}], "descriptions": [{"lang": "en", "value": "Improper Output Neutralization for Logs vulnerability in Apache Log4cxx.\n\nWhen using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON message. This may prevent applications that consume these logs from correctly interpreting the information within them.\n\nThis issue affects Apache Log4cxx: before 1.5.0.\n\nUsers are recommended to upgrade to version 1.5.0, which fixes the issue."}, {"lang": "es", "value": "Vulnerabilidad de neutralizaci\u00f3n de salida incorrecta para registros en Apache Log4cxx. Al usar JSONLayout, no todos los bytes del payload se escapan correctamente. Si un mensaje proporcionado por un atacante contiene caracteres no imprimibles, estos se pasar\u00e1n en el mensaje y se escribir\u00e1n como parte del mensaje JSON. Esto puede impedir que las aplicaciones que consumen estos registros interpreten correctamente la informaci\u00f3n que contienen. Este problema afecta a Apache Log4cxx: versiones anteriores a la 1.5.0. Se recomienda actualizar a la versi\u00f3n 1.5.0, que soluciona el problema."}], "lastModified": "2025-11-04T22:16:29.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:log4cxx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E1443DD-B968-4005-A287-964C6197FEB0", "versionEndExcluding": "1.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}