CVE-2025-54813
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-22

Last updated on: 2025-11-04

Assigner: Apache Software Foundation

Description
Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON message. This may prevent applications that consume these logs from correctly interpreting the information within them. This issue affects Apache Log4cxx: before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-22
Last Modified
2025-11-04
Generated
2026-06-16
AI Q&A
2025-08-22
EPSS Evaluated
2026-06-14
NVD
CVE-2025-54813
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
apache log4cxx to 1.5.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-117 The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an Improper Output Neutralization for Logs issue in Apache Log4cxx when using JSONLayout. Specifically, not all payload bytes are properly escaped, so if an attacker supplies a message containing certain non-printable characters, these characters are included in the JSON log output. This can cause applications that consume these logs to misinterpret the log information.

Impact Analysis

The vulnerability can impact you by causing applications that process the logs to incorrectly interpret the log data due to unescaped non-printable characters. This may lead to incorrect logging behavior, potential confusion in log analysis, or issues in systems relying on accurate log data for monitoring or security purposes.

Mitigation Strategies

Users are recommended to upgrade Apache Log4cxx to version 1.5.0 or later, which fixes the issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-54813. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart