Code Execution Vulnerability in Java Applications Using QOS.CH Logback-Core
CVE-2025-11226
What is CVE-2025-11226?
A critical vulnerability exists in QOS.CH Logback-Core, in its processing of conditional configuration files. In Java applications, an attacker can exploit it by modifying an existing logback configuration file, or by injecting a malicious environment variable before the program runs so that logback loads a compromised configuration file. Successful exploitation requires the Janino library and the Spring Framework to be present on the application's class path, and the attacker to have write access to the configuration file (or control over the environment variable that points to it). Exploitation therefore requires pre-existing privileges on the system.
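The preconditions above (Janino and Spring on the class path, conditional blocks in a writable logback configuration) can be checked during a deployment review. The following is an added audit helper, not code from the advisory or from the logback project; the jar-name patterns, the sample configuration and the sample class path are constructed here and should be adapted to your build.

```python
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List

# Assumed jar naming (janino-<ver>.jar, spring-core-<ver>.jar); adjust to your build.
JANINO_RE = re.compile(r"(^|/)janino-[\w.\-]*\.jar$")
SPRING_RE = re.compile(r"(^|/)spring-core-[\w.\-]*\.jar$")

@dataclass
class Finding:
    janino_on_classpath: bool
    spring_on_classpath: bool
    conditional_blocks: List[str] = field(default_factory=list)

    @property
    def conditional_processing_reachable(self) -> bool:
        # The advisory's precondition: both libraries must be present for the
        # conditional-configuration code path to be usable at all.
        return self.janino_on_classpath and self.spring_on_classpath

    @property
    def risk(self) -> str:
        if self.conditional_processing_reachable and self.conditional_blocks:
            return "HIGH: conditional blocks present and evaluable"
        if self.conditional_processing_reachable:
            return "MEDIUM: conditional processing possible if the config is modified"
        return "LOW: conditional processing not reachable on this class path"

def find_conditional_blocks(config_xml: str) -> List[str]:
    """Return the condition expression of every <if> element in a logback config."""
    root = ET.fromstring(config_xml)
    return [el.get("condition", "") for el in root.iter("if")]

def audit(config_xml: str, classpath: List[str]) -> Finding:
    """Combine class-path inventory and config inspection into one finding."""
    return Finding(
        janino_on_classpath=any(JANINO_RE.search(p) for p in classpath),
        spring_on_classpath=any(SPRING_RE.search(p) for p in classpath),
        conditional_blocks=find_conditional_blocks(config_xml),
    )

# Constructed sample input: one conditional block, both libraries on the class path.
SAMPLE_CONFIG = """<configuration>
  <if condition='property("ENV").equals("dev")'>
    <then><root level="DEBUG"/></then>
  </if>
</configuration>"""
SAMPLE_CLASSPATH = ["lib/logback-core-1.5.18.jar", "lib/janino-3.1.12.jar",
                    "lib/spring-core-6.1.0.jar"]

if __name__ == "__main__":
    result = audit(SAMPLE_CONFIG, SAMPLE_CLASSPATH)
    print(result.risk, result.conditional_blocks)
```

Run it against each deployed logback configuration and the real class path of the JVM; a HIGH or MEDIUM result on an affected version is the signal to upgrade and to tighten write permissions on the configuration file.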
Affected Version(s)
Logback-core Java 0.9.20 through 1.5.18
Logback-core Java 1.5.19