Log4J Vulnerability CVE-2025-68161 found up until Version 15.2 (4382407)

Chat now with support

Return

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title

Log4J Vulnerability CVE-2025-68161 found up until Version 15.2
Description

Customers report security software scans detecting vulnerabilities in the installation log4j files.
Cause

Defect ID SES-2121:
Log4j Core versions up to version 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName.
Resolution

SOLUTION:

Please contact support and ask for a hotfix where log4j is updated to version 2.25.3, where this vulnerability is resolved.

This hotfix, will be included for future Spotlight enterprise releases.
Additional Information

https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-37215/version_id-783625/Apache-Log4j-2.17.1.html

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title