CNNVD-202508-2685 Information
CNNVD ID
CNNVD-202508-2685
Related CVE
- CNNVD Published: 2025-08-22
Description (Chinese)
Apache Log4cxx是美国阿帕奇(Apache)基金会的一个以 Apache log4j 为模式的 C++ 日志框架。 Apache Log4cxx 1.5.0之前版本存在安全漏洞,该漏洞源于JSONLayout未正确转义所有有效载荷字节,可能导致日志解析错误。
Description (English)
Apache Log4xx is a C++ log frame based on Apache Log4j. There was a security loophole in the pre-Apache Log4xx 1.5.0 version, which originated from the fact that JSONLayout had not correctly transposed all payload bytes, which could lead to a log resolution error.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
阿帕奇
Published
2025-08-22
Last Modified
2026-02-24
References
https://logging.apache.org/security.html#CVE-2025-54813 https://github.com/apache/logging-log4cxx/pull/512 https://nvd.nist.gov/vuln/detail/CVE-2025-54813 https://access.redhat.com/security/cve/cve-2025-54813 https://vigilance.fr/vulnerability/Apache-Log4cxx-ingress-filtrering-bypass-via-JSONLayout-48390
Patch
https://logging.apache.org/security.html#CVE
Share on: