Primary Vulnerability: CVE-2025-68161
Severity: Medium (CVSS Score: 6.3)
Vulnerability Type: Improper Validation of Certificate with Host Mismatch.
Description: The Socket Appender in Log4j Core fails to perform TLS hostname verification of the peer certificate. Even if you explicitly enable verifyHostName in your configuration, the setting is ignored.
Impact: This allows a Man-in-the-Middle (MitM) attack. An attacker who can intercept network traffic between your application and the log server can present their own valid certificate. Because Log4j doesn't verify that the name on the certificate matches the server's hostname, it will trust the attacker and send your log data (which often contains sensitive info) to them.
Affected Versions: 2.0-beta9 through 2.25.2.
Fixed Version: 2.25.3
No workaround
Scheduled to be updated to log4j-2.25.3 as part of UIM23.4 CU7 (tentative release end of Feb 2026)
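
A triage check for the affected range listed above, added here as an example (it is not part of the original advisory or of Log4j itself): it classifies log4j-core jar file names against 2.0-beta9 through 2.25.2, ordering the alpha/beta/rc pre-releases correctly. The inventory paths are constructed, and matching on file names is an assumption that will miss renamed or shaded jars.

```python
import re

# Range stated in the advisory: 2.0-beta9 through 2.25.2 (fixed in 2.25.3).
FIRST_AFFECTED = "2.0-beta9"
LAST_AFFECTED = "2.25.2"

QUALIFIER_RANK = {"alpha": 0, "beta": 1, "rc": 2}  # a final release ranks as 3
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?$", re.I)
JAR_RE = re.compile(r"log4j-core-(\d[\w.\-]*?)\.jar$", re.I)

def version_key(version):
    """Turn '2.0-beta9' or '2.25.2' into a tuple that sorts in release order."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised log4j-core version: {version!r}")
    major, minor, patch, qual, qnum = m.groups()
    rank = QUALIFIER_RANK[qual.lower()] if qual else 3
    return (int(major), int(minor), int(patch or 0), rank, int(qnum or 0))

def is_affected(version):
    """True when version lies inside the advisory's affected range (inclusive)."""
    return version_key(FIRST_AFFECTED) <= version_key(version) <= version_key(LAST_AFFECTED)

def triage(jar_paths):
    """Map each log4j-core jar path to 'affected', 'not affected' or 'unknown'."""
    results = {}
    for path in jar_paths:
        m = JAR_RE.search(path)
        if not m:
            continue  # not a log4j-core artifact (e.g. log4j-api)
        try:
            results[path] = "affected" if is_affected(m.group(1)) else "not affected"
        except ValueError:
            results[path] = "unknown"  # classifier or custom build: inspect by hand
    return results

# Constructed inventory; these paths are illustrative and not from the advisory.
SAMPLE_INVENTORY = [
    "/opt/app/lib/log4j-core-2.0-beta8.jar",
    "/opt/app/lib/log4j-core-2.17.1.jar",
    "/opt/app/lib/log4j-core-2.25.3.jar",
    "/opt/app/lib/log4j-api-2.25.2.jar",
    "/opt/app/lib/log4j-core-2.24.0-tests.jar",
]

if __name__ == "__main__":
    for jar, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{verdict:13} {jar}")
```

An "affected" verdict only translates into exposure where the application actually ships logs through the Socket Appender over TLS, so follow up by reviewing the Log4j configuration of each flagged deployment.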