WA Agent and Log4j Vulnerability CVE-2025-68161

Article ID: 426763


Products

  • Workload Automation Agent
  • ESP dSeries Workload Automation - Business Agents (dSeries)
  • ESP dSeries Workload Automation - System Agent (dSeries)

Issue/Introduction

Our security team is telling us we need to upgrade log4j used by Workload Automation Agent to version 2.25.3 or later. 

CVE-2025-68161

Environment

Workload Automation Agent 12.1.x, 24.0, 24.1

Cause

 

Resolution

The mentioned vulnerability is considered to have a medium impact, and only when the Log4j2 SocketAppender functionality is used. The Workload Automation Agent does not use this Log4j2 functionality; therefore, the Agent is not impacted by this vulnerability.
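The two conditions above (a Log4j core version below 2.25.3, and a configured Socket appender) can be checked independently when triaging a scanner finding. The following is an added example, not Broadcom's code. It assumes jar files named `log4j-core-<version>.jar` and a Log4j2 configuration in XML or properties form; the function names, outcome labels and sample inputs are constructed for illustration, and the Agent's own file locations are not given in this article.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (2, 25, 3)  # Log4j release the article names as the upgrade target

def core_version(jar_name):
    """Return (major, minor, patch) from a log4j-core jar file name, or None."""
    m = re.search(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?", jar_name)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def xml_has_socket_appender(xml_text):
    """True if a Log4j2 XML config declares a Socket appender (concise or strict)."""
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.rsplit("}", 1)[-1].lower()  # drop any XML namespace
        if tag == "socket":
            return True
        if tag == "appender" and el.get("type", "").lower() == "socket":
            return True
    return False

def properties_has_socket_appender(text):
    """True if a Log4j2 .properties config sets appender.<id>.type to Socket."""
    pat = r"^\s*appender\.[^.\s]+\.type\s*[=:]\s*socket\s*$"
    return re.search(pat, text, re.I | re.M) is not None

def assess(jar_name, uses_socket):
    """Combine both checks; the outcome labels are hypothetical."""
    v = core_version(jar_name)
    if v is None:
        return "unknown-version"
    if v >= FIXED:
        return "fixed"
    return "exposed" if uses_socket else "flagged-by-scanner-only"

# Constructed sample inputs (not taken from a real Agent installation).
SAMPLE_XML_FILE_ONLY = """<Configuration><Appenders>
  <RollingFile name="f" fileName="agent.log" filePattern="agent-%i.log"/>
</Appenders></Configuration>"""
SAMPLE_XML_SOCKET = """<Configuration><Appenders>
  <Socket name="remote" host="loghost.example" port="6514"/>
</Appenders></Configuration>"""
SAMPLE_PROPS_SOCKET = "appender.remote.type = Socket\nappender.remote.host = loghost.example\n"

if __name__ == "__main__":
    uses = xml_has_socket_appender(SAMPLE_XML_FILE_ONLY)
    print(assess("log4j-core-2.17.1.jar", uses))
```

A result of `flagged-by-scanner-only` corresponds to the situation this article describes: an older Log4j version is present, but no Socket appender is configured.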

However, to remediate the vulnerability for your security scan and satisfy compliance requirements, you have two options:

Option 1:

  • Upgrade the Agent (Recommended) - Upgrade the agent to the latest release (version 24.2), which is shipped with Log4j 2.25.3.

Option 2: