CVE-2025-68161 describes an issue in Apache Log4j Core versions 2.0-beta9 through 2.25.2 where the Socket Appender does not perform TLS hostname verification even when verifyHostName or log4j2.sslVerifyHostName is enabled. This could allow a man-in-the-middle attack under certain network and certificate trust conditions.

DU 7.00.XX, 7.01.XX

Engineering confirmed that none of the DU components are affected with this vulnerability.
Additionally the log4j will be upgraded to 2.25.3 in 7.01.21 release