CVE-2025-54813

CWE-117 | 7 documents | 7 sources
Severity: 6.3 MEDIUM
EPSS: 0.2% (top 56.59%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 22

Description

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON message. This may prevent applications that consume these logs from correctly interpreting the information within them. This issue affects Apache Log4cxx: before 1.5.0. Users are recommended to upgrade to
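A consumer-side check for the condition the description names, as an added example (not Log4cxx or cvebase code): it flags newline-delimited JSON log records that a strict parser rejects and reports any raw control bytes found in them. The field names, the one-record-per-line framing and the sample bytes are constructed assumptions.

```python
import json

# RFC 8259: U+0000..U+001F must be escaped inside a JSON string.
CONTROL_BYTES = frozenset(range(0x20))

def check_record(raw: bytes) -> dict:
    """Classify one log record (one line, trailing LF already removed)."""
    try:
        # json.loads is strict by default: a raw control character inside
        # a string raises JSONDecodeError instead of being accepted.
        parses = isinstance(json.loads(raw.decode("utf-8")), dict)
    except (UnicodeDecodeError, json.JSONDecodeError):
        parses = False
    # Diagnostic only: which raw control bytes are present in the record.
    found = sorted({b for b in raw if b in CONTROL_BYTES})
    return {"parses": parses, "raw_control_bytes": found}

def scan(stream: bytes) -> list:
    """Return (line_number, result) for every record a strict parser rejects."""
    findings = []
    for lineno, raw in enumerate(stream.split(b"\n"), start=1):
        if not raw:
            continue  # blank line or trailing newline
        result = check_record(raw)
        if not result["parses"]:
            findings.append((lineno, result))
    return findings

# Constructed sample input (not real Log4cxx output; field names assumed).
SAMPLE = b"\n".join([
    b'{"level":"INFO","message":"user login ok"}',       # well-formed
    b'{"level":"WARN","message":"input=\x01abc"}',        # raw U+0001 in a string
    b'{"level":"WARN","message":"input=\\u0001abc"}',     # same byte, escaped
    b'{"level":"WARN","message":"line one\nline two"}',   # raw LF splits the record
]) + b"\n"

if __name__ == "__main__":
    for lineno, result in scan(SAMPLE):
        print(f"line {lineno}: rejected, control bytes={result['raw_control_bytes']}")
```

The record containing a raw line feed shows up as two rejected fragments, because a line-oriented reader has already split it before parsing.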

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N

Affected Packages (3 packages)

NVD: apache/log4cxx < 1.5.0
CVEListV5: apache_software_foundation/apache_log4cxx 0.11.0 1.5.0
Debian: log4cxx < 0.11.0-2+deb11u1 +3

Patches

🔴 Vulnerability Details (3)

CVEList: Apache Log4cxx: Improper escaping with JSONLayout (2025-08-22)
GHSA: GHSA-68p3-h5c2-5hcr: Improper Output Neutralization for Logs vulnerability in Apache Log4cxx (2025-08-22)
OSV: CVE-2025-54813: Improper Output Neutralization for Logs vulnerability in Apache Log4cxx (2025-08-22)

📋 Vendor Advisories (3)

Red Hat: apache-log4cxx: Log4cxx: Improper JSON Output Neutralization (2025-08-22)
Debian: CVE-2025-54813: log4cxx - Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When u... (2025)
Apache: Apache logging: CVE-2025-54813
CVE-2025-54813 (MEDIUM CVSS 6.3) | Improper Output Neutralization for | cvebase.io