Is SPE impacted by CVE-2025-68161


Article ID: 426458


Products

Protection Engine for Cloud Services
Protection Engine for NAS

Issue/Introduction

You want to know whether Symantec Protection Engine (SPE) is impacted by CVE-2025-68161.

Environment

SPE 9.x

Resolution

SPE does not use the socket appender component (the vulnerable component in this CVE) and is therefore not impacted by CVE-2025-68161. Additionally, a future version of SPE will update log4j2 to version 2.25.3, which is not impacted by CVE-2025-68161.

Additional details:
- The file "sperestapi.jar" is required for the UI and REST API (for scanning) to function.
- To resolve the vulnerability (CVE-2025-68161), please upgrade your SPE scanner to version 9.3.1, which addresses this issue.

NOTE: Should you decide to upgrade your SPE scanner to 9.3.1, make sure you also upgrade your SPE console to the same version, per best practices.
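
One way to check for yourself that a Log4j2 configuration declares no socket appender, the component the Resolution names as vulnerable. This is an added example, not Broadcom or SPE code; the sample configurations and host names are constructed, and this article does not state where SPE keeps its Log4j2 configuration, so supply your own file contents.

```python
import re
import xml.etree.ElementTree as ET

def socket_appenders_xml(text):
    """Names of Socket appenders declared in a Log4j2 XML configuration."""
    found = []
    for el in ET.fromstring(text).iter():
        tag = el.tag.rsplit("}", 1)[-1].lower()   # drop any XML namespace
        # Concise form <Socket .../> or strict form <Appender type="Socket" .../>
        if tag == "socket" or (tag == "appender" and el.get("type", "").lower() == "socket"):
            found.append(el.get("name", "<unnamed>"))
    return found

def socket_appenders_properties(text):
    """Names of Socket appenders declared in a Log4j2 .properties configuration."""
    types, names = {}, {}
    for line in text.splitlines():
        # Only top-level appender.<id>.type / .name keys, not nested layout types
        m = re.match(r"\s*appender\.([^.\s=]+)\.(type|name)\s*=\s*(\S+)", line)
        if m:
            (types if m.group(2) == "type" else names)[m.group(1)] = m.group(3)
    return [names.get(k, k) for k, v in types.items() if v.lower() == "socket"]

# Constructed sample configurations (not taken from an SPE installation).
XML_FILE_ONLY = """<Configuration>
  <Appenders>
    <Console name="stdout"><PatternLayout pattern="%m%n"/></Console>
    <File name="file" fileName="app.log"/>
  </Appenders>
  <Loggers><Root level="info"><AppenderRef ref="file"/></Root></Loggers>
</Configuration>"""

XML_WITH_SOCKET = """<Configuration>
  <Appenders>
    <Socket name="remote" host="logs.example.internal" port="6514" protocol="SSL"/>
    <Appender type="Socket" name="remote2" host="logs.example.internal" port="6514"/>
  </Appenders>
</Configuration>"""

PROPS_WITH_SOCKET = """appender.a.type = Console
appender.a.name = stdout
appender.b.type = Socket
appender.b.name = remote
appender.b.host = logs.example.internal
"""

if __name__ == "__main__":
    print("file-only xml:", socket_appenders_xml(XML_FILE_ONLY) or "no Socket appender")
    print("socket xml:", socket_appenders_xml(XML_WITH_SOCKET))
    print("socket properties:", socket_appenders_properties(PROPS_WITH_SOCKET))
```

An empty result for every configuration file the application loads matches the situation the Resolution describes for SPE.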