A recent security scan has detected that the version of Log4j present in the Apache setup of dSeries is vulnerable to a MitM attack, per the version it is running.

The plugin reports as: Apache Log4j 2.0-beta9 < 2.25.3 MitM, based on CVE-2025-68161.

Is there a mitigation for this currently available in dSeries?

Release: 25.0

The vulnerability is exploitable only if ALL of these are true:

1. You are using Socket Appender over TLS
   Example:
   
   • SocketAppender
   • SslConfiguration
2. Logs are sent over network to a remote log collector
   
   
3. The attacker can intercept network traffic
   Example:
   
   • compromised network
   • internal malicious actor
   • compromised gateway
4. Attacker has a certificate signed by a trusted CA

Basically, dSeries is not impacted by this vulnerability.