CNNVD-202508-2686 Information

CNNVD ID

CNNVD-202508-2686

Related CVE

CVE-2025-54812

• CNNVD Published: 2025-08-22

Description (Chinese)

Apache Log4cxx是美国阿帕奇（Apache）基金会的一个以 Apache log4j 为模式的 C++ 日志框架。 Apache Log4cxx 1.5.0之前版本存在安全漏洞，该漏洞源于HTMLLayout未正确转义记录器名称，可能导致跨站脚本攻击。

Description (English)

Apache Log4xx is a C++ log frame based on Apache Log4j. There was a security loophole in the pre-Apache Log4xx 1.5.0, which originated from the incorrect conversion of the name of the HTMLLayout recorder, which could lead to a cross-site script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2025-08-22

Last Modified

2026-02-24

References

https://logging.apache.org/security.html#CVE-2025-54812 https://github.com/apache/logging-log4cxx/pull/514 https://github.com/apache/logging-log4cxx/pull/509 https://access.redhat.com/security/cve/cve-2025-54812 https://nvd.nist.gov/vuln/detail/CVE-2025-54812

Patch

https://logging.apache.org/security.html#CVE