[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-68161":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":35,"aliases":45,"duplicate_of":9,"upstream":47,"downstream":48,"duplicates":59,"related":60,"reserved_at":9,"published_at":98,"modified_at":99,"state":100,"summary":101,"references_raw":109,"kevs":164,"epss":165,"epss_history":168,"metrics":446,"affected":460},"CVE-2025-68161","The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName (https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName) configuration attribute or the log4j2.sslVerifyHostName (https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName) system property is set to true.\n\nThis issue may allow a man-in-the-middle attacker to intercept or redirect log traffic under the following conditions:\n\n  *  The attacker is able to intercept or redirect network traffic between the client and the log receiver.\n  *  The attacker can present a server certificate issued by a certification authority trusted by the Socket Appender’s configured trust store (or by the default Java trust store if no custom trust store is configured).\n\n\nUsers are advised to upgrade to Apache Log4j Core version 2.25.3, which addresses this issue.\n\nAs an alternative mitigation, the Socket Appender may be configured to use a private or restricted trust root to limit the set of trusted certificates.",null,[11,27],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-295","Improper Certificate Validation","The product does not validate, or incorrectly validates, a 
certificate.","weakness","Draft","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-459","Creating a Rogue Certification Authority Certificate",[],{"id":24,"name":25,"techniques":26},"CAPEC-475","Signature Spoofing by Improper Validation",[],{"_key":28,"id":28,"name":29,"description":30,"type":15,"status":31,"abstraction":32,"likelihood_of_exploit":33,"capec":34},"CWE-297","Improper Validation of Certificate with Host Mismatch","The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.","Incomplete","Variant","High",[],[36],{"_key":37,"name":38,"source":39,"url":40,"maturity":41,"reliability_score":42,"verified":43,"type":9,"platforms":44,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_5A7E41E1F3DCAEB1","Exploit Reference (logging.apache.org)","reference","https://logging.apache.org/security.html#CVE-2025-68161","unknown",0.2,false,[],[46],"GHSA-vc5p-v9hr-52mj",[],[49,51,53,55,57],{"_key":50},"SUSE-SU-2026:0254-1",{"_key":52},"OPENSUSE-SU-2026:10009-1",{"_key":54},"OPENSUSE-SU-2026:20099-1",{"_key":56},"DEBIAN-CVE-2025-68161",{"_key":58},"UBUNTU-CVE-2025-68161",[],[61,62,63,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96],{"_key":50},{"_key":52},{"_key":54},{"_key":65},"CGA-33X7-WG96-6HPC",{"_key":67},"CGA-38XR-XX49-MCFM",{"_key":69},"CGA-3MX6-9MCQ-3RG2",{"_key":71},"CGA-4FC4-4FMV-FQ64",{"_key":73},"CGA-4PHJ-QJGM-9WQX",{"_key":75},"CGA-7G49-277J-M8RR",{"_key":77},"CGA-7RGM-5MMM-6VVC",{"_key":79},"CGA-87FX-92QF-F57F",{"_key":81},"CGA-8C8Q-FC99-FHC8",{"_key":83},"CGA-8HPW-V4XP-4XX4",{"_key":85},"CGA-C2V2-GF4F-XH9J",{"_key":87},"CGA-CM66-28Q5-53HP",{"_key":89},"CGA-CPV7-Q233-V285",{"_key":91},"CGA-GH5P-9H5M-828Q",{"_key":93},"CGA-WCRF-PXPP-94M7",{"_key":95},"CGA-WRVR-HVW3-QQHW",{"_key":97},"CGA-Q2VW-H755-47MH","2025-12-18T20:47:49.123Z","2026-04-10T16:18:50.424Z","Modified",{"cisa_kev":43,"cisa_ransomware":43,"cisa_vendor":9,"epss_severity":102,"e
pss_score":103,"severity":104,"severity_score":105,"severity_version":106,"severity_source":107,"severity_vector":108,"severity_status":100},"low",0.00029,"medium",6.3,"v4.0","cve.org","CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N",[110,119,124,128,134,138,143,147,151,156,160],{"url":111,"sources":112,"tags":115},"https://github.com/apache/logging-log4j2/pull/4002",[107,113,114],"nvd","osv_maven",[116,117,118],"Patch","Issue Tracking","WEB",{"url":40,"sources":120,"tags":121},[107,113,114],[122,123,118],"Vendor Advisory","Exploit",{"url":125,"sources":126,"tags":127},"https://logging.apache.org/cyclonedx/vdr.xml",[107,113,114],[122,118],{"url":129,"sources":130,"tags":131},"https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName",[107,113,114],[132,133,118],"Related","Product",{"url":135,"sources":136,"tags":137},"https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName",[107,113,114],[132,133,118],{"url":139,"sources":140,"tags":141},"https://lists.apache.org/thread/xr33kyxq3sl67lwb61ggvm1fzc8k7dvx",[107,113,114],[122,142,118],"Mailing 
List",{"url":144,"sources":145,"tags":146},"http://www.openwall.com/lists/oss-security/2025/12/18/1",[107,113,114],[142,118],{"url":148,"sources":149,"tags":150},"https://lists.debian.org/debian-lts-announce/2026/01/msg00015.html",[107,113],[],{"url":152,"sources":153,"tags":154},"https://nvd.nist.gov/vuln/detail/CVE-2025-68161",[114],[155],"Advisory",{"url":157,"sources":158,"tags":159},"https://github.com/apache/logging-log4j2/commit/3b93748497e1adbbd027fda8a5e7268ec5d0d578",[114],[118],{"url":161,"sources":162,"tags":163},"https://github.com/apache/logging-log4j2",[114],[118],[],{"date":166,"score":103,"percentile":167},"2026-06-05",0.08912,[169,173,176,179,182,185,189,192,195,198,200,203,206,209,212,215,218,221,224,227,230,233,236,239,242,245,249,252,255,258,261,264,268,272,276,279,282,285,288,291,294,297,301,304,307,310,313,316,319,322,325,328,331,334,337,341,344,347,350,353,356,359,361,364,367,370,373,376,380,383,386,389,392,395,398,401,405,408,410,413,416,419,422,425,428,431,434,437,440,443],{"date":170,"score":171,"percentile":172},"2025-12-19",0.00028,0.0733,{"date":174,"score":171,"percentile":175},"2025-12-20",0.0732,{"date":177,"score":171,"percentile":178},"2025-12-21",0.07308,{"date":180,"score":171,"percentile":181},"2025-12-22",0.07262,{"date":183,"score":171,"percentile":184},"2025-12-23",0.0724,{"date":186,"score":187,"percentile":188},"2025-12-24",0.00037,0.10623,{"date":190,"score":187,"percentile":191},"2025-12-25",0.10706,{"date":193,"score":187,"percentile":194},"2025-12-26",0.10699,{"date":196,"score":187,"percentile":197},"2025-12-27",0.107,{"date":199,"score":187,"percentile":194},"2025-12-28",{"date":201,"score":187,"percentile":202},"2025-12-29",0.10667,{"date":204,"score":187,"percentile":205},"2025-12-30",0.10646,{"date":207,"score":187,"percentile":208},"2025-12-31",0.10695,{"date":210,"score":187,"percentile":211},"2026-01-01",0.10739,{"date":213,"score":187,"percentile":214},"2026-01-02",0.10736,{"date":216,"score":187,"percentile":2
17},"2026-01-03",0.10708,{"date":219,"score":187,"percentile":220},"2026-01-04",0.10635,{"date":222,"score":187,"percentile":223},"2026-01-05",0.10591,{"date":225,"score":187,"percentile":226},"2026-01-06",0.10585,{"date":228,"score":187,"percentile":229},"2026-01-07",0.10614,{"date":231,"score":187,"percentile":232},"2026-01-08",0.10669,{"date":234,"score":187,"percentile":235},"2026-01-09",0.10698,{"date":237,"score":187,"percentile":238},"2026-01-10",0.10717,{"date":240,"score":187,"percentile":241},"2026-01-11",0.10696,{"date":243,"score":187,"percentile":244},"2026-01-12",0.10671,{"date":246,"score":247,"percentile":248},"2026-01-13",0.00112,0.30441,{"date":250,"score":247,"percentile":251},"2026-01-14",0.30487,{"date":253,"score":247,"percentile":254},"2026-01-15",0.30483,{"date":256,"score":247,"percentile":257},"2026-01-16",0.30509,{"date":259,"score":247,"percentile":260},"2026-01-17",0.30502,{"date":262,"score":247,"percentile":263},"2026-01-18",0.30444,{"date":265,"score":266,"percentile":267},"2026-01-19",0.00143,0.35033,{"date":269,"score":270,"percentile":271},"2026-01-20",0.0014,0.34535,{"date":273,"score":274,"percentile":275},"2026-01-21",0.00244,0.47422,{"date":277,"score":274,"percentile":278},"2026-01-22",0.47426,{"date":280,"score":274,"percentile":281},"2026-01-23",0.47476,{"date":283,"score":274,"percentile":284},"2026-01-24",0.47482,{"date":286,"score":274,"percentile":287},"2026-01-25",0.47429,{"date":289,"score":274,"percentile":290},"2026-01-26",0.47398,{"date":292,"score":274,"percentile":293},"2026-01-27",0.47404,{"date":295,"score":274,"percentile":296},"2026-01-28",0.47413,{"date":298,"score":299,"percentile":300},"2026-01-29",0.00331,0.55523,{"date":302,"score":299,"percentile":303},"2026-01-30",0.55529,{"date":305,"score":299,"percentile":306},"2026-01-31",0.55534,{"date":308,"score":299,"percentile":309},"2026-02-01",0.55675,{"date":311,"score":299,"percentile":312},"2026-02-02",0.5565,{"date":314,"score":299,"percentile":315},"2026
-02-03",0.55656,{"date":317,"score":299,"percentile":318},"2026-02-04",0.55513,{"date":320,"score":299,"percentile":321},"2026-02-05",0.55522,{"date":323,"score":299,"percentile":324},"2026-02-06",0.55536,{"date":326,"score":299,"percentile":327},"2026-02-07",0.55543,{"date":329,"score":299,"percentile":330},"2026-02-08",0.55544,{"date":332,"score":299,"percentile":333},"2026-02-09",0.55519,{"date":335,"score":299,"percentile":336},"2026-02-10",0.55521,{"date":338,"score":339,"percentile":340},"2026-02-11",0.00276,0.5061,{"date":342,"score":339,"percentile":343},"2026-02-12",0.50631,{"date":345,"score":339,"percentile":346},"2026-02-13",0.5062,{"date":348,"score":339,"percentile":349},"2026-02-14",0.50626,{"date":351,"score":339,"percentile":352},"2026-02-15",0.50623,{"date":354,"score":339,"percentile":355},"2026-02-16",0.50598,{"date":357,"score":339,"percentile":358},"2026-02-17",0.50574,{"date":360,"score":339,"percentile":340},"2026-02-18",{"date":362,"score":339,"percentile":363},"2026-02-19",0.50653,{"date":365,"score":339,"percentile":366},"2026-02-20",0.50673,{"date":368,"score":339,"percentile":369},"2026-02-21",0.50703,{"date":371,"score":339,"percentile":372},"2026-02-22",0.50688,{"date":374,"score":339,"percentile":375},"2026-02-23",0.50672,{"date":377,"score":378,"percentile":379},"2026-02-24",0.00288,0.51887,{"date":381,"score":378,"percentile":382},"2026-02-25",0.51895,{"date":384,"score":378,"percentile":385},"2026-02-26",0.51916,{"date":387,"score":378,"percentile":388},"2026-02-27",0.51925,{"date":390,"score":378,"percentile":391},"2026-02-28",0.51918,{"date":393,"score":378,"percentile":394},"2026-03-01",0.52033,{"date":396,"score":378,"percentile":397},"2026-03-02",0.52018,{"date":399,"score":378,"percentile":400},"2026-03-03",0.52027,{"date":402,"score":403,"percentile":404},"2026-03-04",0.00101,0.27778,{"date":406,"score":403,"percentile":407},"2026-03-05",0.27849,{"date":409,"score":403,"percentile":407},"2026-03-06",{"date":411,"score":403,"
percentile":412},"2026-03-07",0.27827,{"date":414,"score":403,"percentile":415},"2026-03-08",0.27809,{"date":417,"score":403,"percentile":418},"2026-03-09",0.2778,{"date":420,"score":403,"percentile":421},"2026-03-10",0.27761,{"date":423,"score":403,"percentile":424},"2026-03-11",0.27738,{"date":426,"score":403,"percentile":427},"2026-03-12",0.27776,{"date":429,"score":403,"percentile":430},"2026-03-13",0.27817,{"date":432,"score":403,"percentile":433},"2026-03-14",0.2781,{"date":435,"score":403,"percentile":436},"2026-03-15",0.27735,{"date":438,"score":403,"percentile":439},"2026-03-16",0.27739,{"date":441,"score":403,"percentile":442},"2026-03-17",0.27711,{"date":444,"score":403,"percentile":445},"2026-03-18",0.27696,[447,450,458],{"source":107,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":448},{"baseScore":105,"baseSeverity":449,"vectorString":108,"impactScore":9,"exploitabilityScore":9},"MEDIUM",{"source":113,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":451,"cvss_v4_0":456},{"baseScore":452,"baseSeverity":449,"vectorString":453,"impactScore":454,"exploitabilityScore":455},4.8,"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",4.2,5.6,{"baseScore":105,"baseSeverity":449,"vectorString":457,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",{"source":114,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":459},{"baseScore":105,"baseSeverity":9,"vectorString":108,"impactScore":9,"exploitabilityScore":9},[461,478,496],{"ecosystem":9,"name":462,"vendor":463,"product":464,"cpe_part":465,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":466},"Apache Log4j Core","apache software foundation","apache log4j core","a",[467,474],{"version":468,"is_range":469,"range_type":107,"version_start":470,"version_start_type":471,"version_end":472,"version_end_type":473,"fixed_in":9},">= 2.0-beta9, 
\u003C 2.25.3",true,"2.0-beta9","including","2.25.3","excluding",{"version":475,"is_range":469,"range_type":107,"version_start":476,"version_start_type":471,"version_end":477,"version_end_type":471,"fixed_in":9},">= 3.0.0-alpha1, \u003C= 3.0.0-beta3","3.0.0-alpha1","3.0.0-beta3",{"ecosystem":9,"name":479,"vendor":480,"product":479,"cpe_part":465,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":481},"log4j","apache",[482,486,488,490,492,494],{"version":483,"is_range":469,"range_type":484,"version_start":485,"version_start_type":471,"version_end":472,"version_end_type":473,"fixed_in":9},"gte2.0.1_lt2.25.3","cpe","2.0.1",{"version":487,"is_range":43,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0",{"version":489,"is_range":43,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0:beta9",{"version":491,"is_range":43,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0:rc1",{"version":493,"is_range":43,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0:rc1-rc1",{"version":495,"is_range":43,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0:rc2",{"ecosystem":497,"name":498,"vendor":499,"product":500,"cpe_part":9,"purl_type":501,"purl_namespace":499,"purl_name":500,"source":9,"versions":502},"Maven","org.apache.logging.log4j:log4j-core","org.apache.logging.log4j","log4j-core","maven",[503],{"version":504,"is_range":469,"range_type":505,"version_start":470,"version_start_type":471,"version_end":472,"version_end_type":473,"fixed_in":9},"gte2_0_beta9_lt2_25_3","ecosystem"]