Security Bulletin: Vulnerability in Iog4j (CVE-2025-68161) affects IBM PowerVM Novalink.

Summary log4j is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer...

Astra Linux - уязвимость в apache-log4j2

In Apache Log4j Core versions 2.0-beta9 through 2.25.2, the Socket Appender does not perform TLS hostname verification of the peer certificate, even when the verifyHostName configuration attribute https://logging.apache.org/log4j/2.x/manual/appenders/network.htmlSslConfiguration-attr-verifyHostNa...

SUSE CVE-2026-34477

The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.htmllog4j2.sslVerifyHostName system property, but no...

EUVD-2026-21407

The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.htmllog4j2.sslVerifyHostName system property, but no...

GHSA-6HG6-V5C8-FPHQ Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration

The fix for CVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName system property, but not when configured through the verifyHostName attribute of the element. Although the verifyHostName configuration attribute was introduced in Log4...

Improper Validation of Certificate with Host Mismatch

Overview org.apache.logging.log4j:log4j-core is a logging library for Java. Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch due to the lack of TLS hostname verification in the SocketAppender component when configured through the...

CVE-2026-34477

The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.htmllog4j2.sslVerifyHostName system property, but no...

UBUNTU-CVE-2026-34477

The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.htmllog4j2.sslVerifyHostName system property, but no...

CVE-2026-34477

The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.htmllog4j2.sslVerifyHostName system property, but no...

Security Bulletin: There is a vulnerability in log4j-core-2.17.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-68161)

Summary There is a vulnerability in log4j-core-2.17.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname...

Security Bulletin: IBM DevOps Build addresses multiple vulnerabilities.

Summary IBM DevOps Build 7.1.0.3 addresses multiple vulnerabilities. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the io.netty.handler.codec.http.HttpRequestEncoder...

Security Bulletin: SPSS Collaboration and Deployment Services is affected by an Improper Certificate Validation vulnerability in Apache Log4j Core (CVE-2025-68161)

Summary SPSS Collaboration and Deployment Services is affected by an Improper Certificate Validation vulnerability in Apache Log4j Core CVE-2025-68161. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j...

K000160192: Log4j vulnerability CVE-2025-68161

Security Advisory Description The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https: //logging. apache. org/log4j/2.x/manual/appenders/network...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses log4j-core-2.25.1.jar which is vulnerable to CVE-2025-68161.

Summary IBM Maximo Application Suite - Monitor Component uses log4j-core-2.25.1.jar which is vulnerable to CVE-2025-68161. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions...

ROS-20260224-73-0013

A vulnerability in the Socket Appender component of the Apache Log4j Core logging library API implementation is related to incorrect certificate authentication. Exploitation of the vulnerability could allow a remote attacker to intercept log traffic...

Amazon Linux 2023 : log4j, log4j-jcl, log4j-slf4j (ALAS2023-2026-1398)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1398 advisory. The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName...

Medium: log4j

Issue Overview: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.htmlSslConfiguration-attr-verifyHostName...

[SECURITY] [DLA 4444-1] apache-log4j2 security update

Debian LTS Advisory DLA-4444-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany January 19, 2026 https://wiki.debian.org/LTS Package : apache-log4j2 Version : 2.17.1-1deb11u2 CVE ID : CVE-2025-68161 Debian Bug : 1123744 In Apache Log4j2, a Java Logging Framework, t...

Apache Log4j 2.0-beta9 < 2.25.3 MitM

The version of Apache Log4j on the remote host is 2.0-beta9 through 2.25.2. The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName...

Improper TLS Hostname Verification

org.apache.logging.log4j, log4j-core is vulnerable to improper TLS hostname verification. The vulnerability is due to the Socket Appender not enforcing TLS hostname verification even when explicitly enabled, which allows a man-in-the-middle attacker to intercept or redirect log traffic by...