Improper Output Neutralization Vulnerability in Apache Log4cxx by Apache
CVE-2025-54813

6.3MEDIUM

Key Information:

Vendor

Apache
Status
Apache Log4cxx
Vendor
CVE Published:
22 August 2025

What is CVE-2025-54813?

An improper output neutralization vulnerability in Apache Log4cxx can cause attacker-supplied messages containing non-printable characters to be logged without proper escaping. This may result in logs that are misinterpreted by applications consuming them, leading to potential information disclosure or integrity issues. To mitigate this risk, users should upgrade to version 1.5.0 or later, which addresses this vulnerability effectively.

Affected Version(s)

Apache Log4cxx 0.11.0 < 1.5.0

References

https://logging.apache.org/security.html#CVE-2025-54813
vendor-advisory
https://github.com/apache/logging-log4cxx/pull/512
patch

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sovereign Tech Agency
.
CVE-2025-54813 : Improper Output Neutralization Vulnerability in Apache Log4cxx by Apache